Clear supplementary groups of `nixbld' in /etc/passwd in chroots.
* src/libstore/build.cc (nix::DerivationGoal::startBuilder): Don't display any supplementary groups for `nixbld' in /etc/passwd.
parent
05fbf61f0e
commit
2e8eaca573
1 changed files with 5 additions and 4 deletions
|
@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder()
|
|||
createDirs(chrootTmpDir);
|
||||
chmod(chrootTmpDir, 01777);
|
||||
|
||||
/* Create a /etc/passwd with entries for the build user and
|
||||
the nobody account. The latter is kind of a hack to
|
||||
support Samba-in-QEMU. */
|
||||
/* Create a /etc/passwd with entries for the build user and the
|
||||
nobody account. The latter is kind of a hack to support
|
||||
Samba-in-QEMU. For the sake of consistency with the setgroups(2)
|
||||
call below, the build user has no supplementary groups. */
|
||||
createDirs(chrootRootDir + "/etc");
|
||||
|
||||
writeFile(chrootRootDir + "/etc/passwd",
|
||||
(format(
|
||||
"nixbld:x:%1%:65534:Nix build user:/:/noshell\n"
|
||||
"nixbld:x:%1%:%1%:Nix build user:/:/noshell\n"
|
||||
"nobody:x:65534:65534:Nobody:/:/noshell\n")
|
||||
% (buildUser.enabled() ? buildUser.getUID() : getuid())).str());
|
||||
|
||||
|
|
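Review bot: The fourth field of a passwd entry is the account's primary GID, and the `nixbld` line that fills it with `%1%` puts the build user's UID there, which is only correct when UID and GID happen to be equal; the page has lost its +/- markers, so I am assuming from print order that this is the added line. Inside the chroot, anything that resolves the user through /etc/passwd would then report a group different from the one the builder process actually runs with, so checks comparing the two become unreliable. I would pass the GID as its own argument, `"nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"` with `% (buildUser.enabled() ? buildUser.getGID() : getgid())` appended after the UID argument (assuming `buildUser` exposes `getGID()` alongside `getUID()`). The new comment should also state that supplementary groups are defined in /etc/group rather than in this field, so the reason for the change stays clear. `startBuilder` begins and ends outside this hunk, so the setgroups(2) call the comment refers to is not visible here.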