* In the garbage collector, if deleting a path fails, try to fix its
ownership, then try again.
This commit is contained in:
Eelco Dolstra
parent
a0a43c3206
commit
ec23ecc64d
3 changed files with 31 additions and 6 deletions
|
|
@ -452,12 +452,18 @@ void UserLock::release()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static bool amPrivileged()
|
bool amPrivileged()
|
||||||
{
|
{
|
||||||
return geteuid() == 0;
|
return geteuid() == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool haveBuildUsers()
|
||||||
|
{
|
||||||
|
return querySetting("build-users-group", "") != "";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static void killUserWrapped(uid_t uid)
|
static void killUserWrapped(uid_t uid)
|
||||||
{
|
{
|
||||||
if (amPrivileged())
|
if (amPrivileged())
|
||||||
|
|
@ -468,7 +474,7 @@ static void killUserWrapped(uid_t uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void getOwnership(const Path & path)
|
void getOwnership(const Path & path)
|
||||||
{
|
{
|
||||||
string program = nixLibexecDir + "/nix-setuid-helper";
|
string program = nixLibexecDir + "/nix-setuid-helper";
|
||||||
|
|
||||||
|
|
@ -513,8 +519,7 @@ static void deletePathWrapped(const Path & path)
|
||||||
/* When using build users and we're not root, we may not have
|
/* When using build users and we're not root, we may not have
|
||||||
sufficient permission to delete the path. So use the setuid
|
sufficient permission to delete the path. So use the setuid
|
||||||
helper to change ownership to us. */
|
helper to change ownership to us. */
|
||||||
if (querySetting("build-users-group", "") != ""
|
if (haveBuildUsers() && !amPrivileged())
|
||||||
|| !amPrivileged())
|
|
||||||
getOwnership(path);
|
getOwnership(path);
|
||||||
deletePath(path);
|
deletePath(path);
|
||||||
}
|
}
|
||||||
|
|
@ -1320,7 +1325,7 @@ void DerivationGoal::startBuilder()
|
||||||
|
|
||||||
/* If `build-users-group' is not empty, then we have to build as
|
/* If `build-users-group' is not empty, then we have to build as
|
||||||
one of the members of that group. */
|
one of the members of that group. */
|
||||||
if (querySetting("build-users-group", "") != "") {
|
if (haveBuildUsers()) {
|
||||||
buildUser.acquire();
|
buildUser.acquire();
|
||||||
assert(buildUser.getUID() != 0);
|
assert(buildUser.getUID() != 0);
|
||||||
assert(buildUser.getGID() != 0);
|
assert(buildUser.getGID() != 0);
|
||||||
|
|
|
||||||
|
|
@ -710,7 +710,18 @@ void deleteFromStore(const Path & _path, unsigned long long & bytesFreed)
|
||||||
}
|
}
|
||||||
txn.commit();
|
txn.commit();
|
||||||
|
|
||||||
|
try {
|
||||||
|
/* First try to delete it ourselves. */
|
||||||
deletePath(path, bytesFreed);
|
deletePath(path, bytesFreed);
|
||||||
|
} catch (SysError & e) {
|
||||||
|
/* If this failed due to a permission error, then try it with
|
||||||
|
the setuid helper. */
|
||||||
|
if (haveBuildUsers() && !amPrivileged()) {
|
||||||
|
getOwnership(path);
|
||||||
|
deletePath(path, bytesFreed);
|
||||||
|
} else
|
||||||
|
throw;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -139,6 +139,15 @@ void deleteFromStore(const Path & path, unsigned long long & bytesFreed);
|
||||||
|
|
||||||
void verifyStore(bool checkContents);
|
void verifyStore(bool checkContents);
|
||||||
|
|
||||||
|
/* Whether we are in build users mode. */
|
||||||
|
bool haveBuildUsers();
|
||||||
|
|
||||||
|
/* Whether we are root. */
|
||||||
|
bool amPrivileged();
|
||||||
|
|
||||||
|
/* Recursively change the ownership of `path' to the current uid. */
|
||||||
|
void getOwnership(const Path & path);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue