about summary refs log tree commit diff
path: root/src/libstore/build.cc
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-03-24T10·35+0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-03-24T10·35+0100
commit5ce50cd99e740d0d0f18c30327ae687be9356553 (patch)
tree22711ae7759fd6514259afc5794a47bc4ccab6fa /src/libstore/build.cc
parent6f0c6e20e03bc82fcf0d2198cf81fa2cf25c2f6c (diff)
Tighten permissions on chroot directories
Diffstat (limited to 'src/libstore/build.cc')
-rw-r--r--src/libstore/build.cc14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index d0299914813c..88efb9a65d1a 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1838,6 +1838,12 @@ void DerivationGoal::startBuilder()
 
         printMsg(lvlChatty, format("setting up chroot environment in ‘%1%’") % chrootRootDir);
 
+        if (mkdir(chrootRootDir.c_str(), 0750) == -1)
+            throw SysError(format("cannot create ‘%1%’") % chrootRootDir);
+
+        if (chown(chrootRootDir.c_str(), 0, buildUser.getGID()) == -1)
+            throw SysError(format("cannot change ownership of ‘%1%’") % chrootRootDir);
+
         /* Create a writable /tmp in the chroot.  Many builders need
            this.  (Of course they should really respect $TMPDIR
            instead.) */
@@ -1874,8 +1880,12 @@ void DerivationGoal::startBuilder()
            can be bind-mounted).  !!! As an extra security
            precaution, make the fake Nix store only writable by the
            build user. */
-        createDirs(chrootRootDir + settings.nixStore);
-        chmod_(chrootRootDir + settings.nixStore, 01777);
+        Path chrootStoreDir = chrootRootDir + settings.nixStore;
+        createDirs(chrootStoreDir);
+        chmod_(chrootStoreDir, 0730);
+
+        if (chown(chrootStoreDir.c_str(), 0, buildUser.getGID()) == -1)
+            throw SysError(format("cannot change ownership of ‘%1%’") % chrootStoreDir);
 
         foreach (PathSet::iterator, i, inputPaths) {
             struct stat st;