* Beginning of secure multi-user Nix stores. If Nix is started as
root (or setuid root), then builds will be performed under one of the users listed in the `build-users' configuration variables. This is to make it impossible to influence build results externally, allowing locally built derivations to be shared safely between users (see ASE-2005 paper). To do: only one builder should be active per build user.
This commit is contained in:
Eelco Dolstra
parent
15ff877438
commit
32282abcea
4 changed files with 219 additions and 58 deletions
|
|
@ -53,15 +53,6 @@ extern unsigned int maxBuildJobs;
|
|||
database. */
|
||||
extern bool readOnlyMode;
|
||||
|
||||
/* Whether to allow builds by root. Corresponds to the
|
||||
`build-allow-root' configuration option. */
|
||||
extern bool buildAllowRoot;
|
||||
|
||||
/* The list of users under which root-initiated builds can be
|
||||
performed. Correspons to the `build-users' configuration
|
||||
option. */
|
||||
extern list<string> buildUsers;
|
||||
|
||||
|
||||
Strings querySetting(const string & name, const Strings & def);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue