Don't silently succeed seccomp setup when !HAVE_SECCOMP.

Running Nix with build users without seccomp on Linux is dangerous, and administrators should very explicitly opt-in to it.
author: Shea Levy <shea@shealevy.com> 2018-02-19T14·56-0500
committer: Shea Levy <shea@shealevy.com> 2018-02-19T14·56-0500
commit: e59a8a63e10992834a48e2b43c854c2e4f990dbe (patch)
tree: 9e45dffde27fd522130dc1f19a8684dccebfbe45 /src
parent: ed73d40c3b19dc0581bbf28ef29aad50cab3aaf2 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 9b7abaa3d1ee..30f22833fa70 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2471,9 +2471,9 @@ void DerivationGoal::chownToBuilder(const Path & path)
 
 void setupSeccomp()
 {
-#if __linux__ && HAVE_SECCOMP
+#if __linux__
     if (!settings.filterSyscalls) return;
-
+#if HAVE_SECCOMP
     scmp_filter_ctx ctx;
 
     if (!(ctx = seccomp_init(SCMP_ACT_ALLOW)))
@@ -2519,6 +2519,11 @@ void setupSeccomp()
 
     if (seccomp_load(ctx) != 0)
         throw SysError("unable to load seccomp BPF program");
+#else
+    throw Error("%s\n%s",
+        "seccomp is not supported on this platform"
+        "you can avoid this by setting the filter-syscalls option to false, but note that untrusted builds can then create setuid binaries!");
+#endif
 #endif
 }
author	Shea Levy <shea@shealevy.com>	2018-02-19T14·56-0500
committer	Shea Levy <shea@shealevy.com>	2018-02-19T14·56-0500
commit	e59a8a63e10992834a48e2b43c854c2e4f990dbe (patch)
tree	9e45dffde27fd522130dc1f19a8684dccebfbe45 /src
parent	ed73d40c3b19dc0581bbf28ef29aad50cab3aaf2 (diff)