Add comment

author: Eelco Dolstra <edolstra@gmail.com> 2016-12-22T16·38+0100
committer: Eelco Dolstra <edolstra@gmail.com> 2016-12-22T16·39+0100
commit: 786ee585b8cb0088db1a2e5d92db5fc199d9cb89 (patch)
tree: a7ced318737d42136e1d6f4035fe7474604bfb32 /src/libstore/build.cc
parent: 2d801bf0a4c2203e3b46042a3526c988f86a2d47 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index c970fbdcaa65..eaa9128d8f37 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2165,7 +2165,8 @@ void DerivationGoal::startBuilder()
                namespace, we can't drop additional groups; they will
                be mapped to nogroup in the child namespace. There does
                not seem to be a workaround for this. (But who can tell
-               from reading user_namespaces(7)?)*/
+               from reading user_namespaces(7)?)
+               See also https://lwn.net/Articles/621612/. */
             if (getuid() == 0 && setgroups(0, 0) == -1)
                 throw SysError("setgroups failed");
author	Eelco Dolstra <edolstra@gmail.com>	2016-12-22T16·38+0100
committer	Eelco Dolstra <edolstra@gmail.com>	2016-12-22T16·39+0100
commit	786ee585b8cb0088db1a2e5d92db5fc199d9cb89 (patch)
tree	a7ced318737d42136e1d6f4035fe7474604bfb32 /src/libstore/build.cc
parent	2d801bf0a4c2203e3b46042a3526c988f86a2d47 (diff)