Disable the build user mechanism on all platforms except Linux and OS X
This commit is contained in:
parent
85e93d7b87
commit
c8cc50d46e
1 changed files with 6 additions and 0 deletions
|
@ -1716,11 +1716,17 @@ void DerivationGoal::startBuilder()
|
|||
/* If `build-users-group' is not empty, then we have to build as
|
||||
one of the members of that group. */
|
||||
if (settings.buildUsersGroup != "" && getuid() == 0) {
|
||||
#if defined(__linux__) || defined(__APPLE__)
|
||||
buildUser = std::make_unique<UserLock>();
|
||||
|
||||
/* Make sure that no other processes are executing under this
|
||||
uid. */
|
||||
buildUser->kill();
|
||||
#else
|
||||
/* Don't know how to block the creation of setuid/setgid
|
||||
binaries on this platform. */
|
||||
throw Error("build users are not supported on this platform for security reasons");
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Create a temporary directory where the build will take
|
||||
|
|
Loading…
Reference in a new issue