authorLudovic Courtès <ludo@gnu.org>2010-03-11T10·21+0000
committerLudovic Courtès <ludo@gnu.org>2010-03-11T10·21+0000
commit2e8eaca573ccda707ff42c136a6f38a34f2975b4 (patch)
tree922b2c54a052cd53d79f946237bd5f6d49451f75 /src/libstore
parent05fbf61f0e4f2670d23929235e2da5342599d447 (diff)
Clear supplementary groups of `nixbld' in /etc/passwd in chroots.
* src/libstore/build.cc (nix::DerivationGoal::startBuilder): Don't
  display any supplementary groups for `nixbld' in /etc/passwd.
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/build.cc9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index f4478a4db2f0..85948f799f6b 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder()
         createDirs(chrootTmpDir);
         chmod(chrootTmpDir, 01777);
 
-        /* Create a /etc/passwd with entries for the build user and
-           the nobody account.  The latter is kind of a hack to
-           support Samba-in-QEMU. */
+        /* Create a /etc/passwd with entries for the build user and the
+           nobody account.  The latter is kind of a hack to support
+           Samba-in-QEMU.  For the sake of consistency with the setgroups(2)
+           call below, the build user has no supplementary groups. */
         createDirs(chrootRootDir + "/etc");
 
         writeFile(chrootRootDir + "/etc/passwd",
             (format(
-                "nixbld:x:%1%:65534:Nix build user:/:/noshell\n"
+                "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n"
                 "nobody:x:65534:65534:Nobody:/:/noshell\n")
                 % (buildUser.enabled() ? buildUser.getUID() : getuid())).str());
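Review bot: The fourth field of the `nixbld` line in /etc/passwd is the primary group id, and the new format string fills it with the same `%1%` argument as the uid, so the entry advertises a gid equal to the uid rather than the gid the builder really runs with. The setgroups(2) call the comment mentions, and any setgid call, lie outside this hunk, so the mismatch is inferred. If the build user's group id differs from its uid, anything inside the chroot that resolves identity from /etc/passwd will see a group that does not match the process credentials, and no /etc/group entry for that number is written here. I would pass the real gid as a second argument, `"nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"`, fed with the build user's gid (or `getgid()` when build users are disabled). The comment should also be reworded: passwd carries only the primary group, while supplementary groups are listed in /etc/group.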