author | Shea Levy <shea@shealevy.com> | 2015-11-15T11·08-0500 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2015-11-15T11·08-0500 |
commit | 4390142315a0d6ed0f67712061498c68389ea3b7 (patch) | |
tree | 48e1620a9bd76e73a978c75419aacc9efe6ef789 | |
parent | bd09a4c96799275d105b5ffe9a6fcb60200deb5f (diff) |
Use AutoDelete for sandbox profile file
-rw-r--r-- | src/libstore/build.cc | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 1dee1ca2cd65..6f662f81daaf 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -778,9 +778,13 @@ private: DirsInChroot dirsInChroot; typedef map<string, string> Environment; Environment env; +#if SANDBOX_ENABLED typedef string SandboxProfile; SandboxProfile additionalSandboxProfile; + AutoDelete autoDelSandbox; +#endif + /* Hash rewriting. */ HashRewrites rewritesToTmp, rewritesFromTmp; typedef map<Path, Path> RedirectedOutputs; @@ -2445,9 +2449,10 @@ void DerivationGoal::runChild() const char *builder = "invalid"; string sandboxProfile; - if (isBuiltin(*drv)) + if (isBuiltin(*drv)) { ; - else if (useChroot && SANDBOX_ENABLED) { +#if SANDBOX_ENABLED + } else if (useChroot) { /* Lots and lots and lots of file functions freak out if they can't stat their full ancestry */ PathSet ancestry; @@ -2527,16 +2532,20 @@ void DerivationGoal::runChild() debug("Generated sandbox profile:"); debug(sandboxProfile); - Path tmpProfile = createTempDir() + "/profile.sb"; - writeFile(tmpProfile, sandboxProfile); + Path sandboxFile = drvPath + ".sb"; + if (pathExists(sandboxFile)) deletePath(sandboxFile); + autoDelSandbox = AutoDelete(sandboxFile); + + writeFile(sandboxFile, sandboxProfile); builder = "/usr/bin/sandbox-exec"; args.push_back("sandbox-exec"); args.push_back("-f"); - args.push_back(tmpProfile); + args.push_back(sandboxFile); args.push_back("-D"); args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir); args.push_back(drv->builder); +#endif } else { builder = drv->builder.c_str(); string builderBasename = baseNameOf(drv->builder); |
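Review bot: The `#if SANDBOX_ENABLED` guard added around the profile members in the class hunk, and again in the middle of the if/else chain in runChild(), evaluates to 0 when the macro is not defined at all. A build that loses the define would therefore silently compile out the sandbox branch and take the plain `else` path, whereas the removed `useChroot && SANDBOX_ENABLED` expression would have failed to compile. I would add a guard near the top of the file, `#ifndef SANDBOX_ENABLED` / `#error "SANDBOX_ENABLED must be defined to 0 or 1"` / `#endif`, or build with `-Wundef`. The `#endif` in runChild() closes a block opened in an earlier hunk, so writing it as `#endif /* SANDBOX_ENABLED */` would make the pairing easier to follow. Both enclosing bodies continue outside the hunks.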
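Review bot: `autoDelSandbox = AutoDelete(sandboxFile);` is assigned inside runChild(), which by its name and the `sandbox-exec` argument list appears to run in the forked child and end in an exec outside this hunk. If so, the destructor never runs in that process and the parent's copy of the member is never set, so `drvPath + ".sb"` would be left behind after the build. Setting the member on the parent side before the child is started, e.g. `autoDelSandbox = AutoDelete(drvPath + ".sb");`, would tie cleanup to the goal's lifetime. The profile also moves from a fresh `createTempDir()` directory to a fixed name that is checked with `pathExists`, deleted and then rewritten. Since this file defines the builder's confinement, it is worth confirming that only the build daemon can write to the directory holding `drvPath` at this point, or else keeping the profile in a private temporary directory. The body of runChild() starts and ends outside the hunk.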