diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-07T11·27+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-07T11·27+0000 |
commit | 7d8cf316eec3b5b1f2cf5ae8558a80bcaa69437f (patch) | |
tree | 2b5f5727c4e915af4f0069210e584575519ffe92 /src | |
parent | a45c498e4e1109e0147b46df1230db718e5bceb1 (diff) |
* Pass the actual build user to the setuid helper.
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/build.cc | 32 |
1 files changed, 10 insertions, 22 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index be6f934890e1..2b2b54cd1f30 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -340,6 +340,7 @@ private: Path fnUserLock; AutoCloseFD fdUserLock; + string user; uid_t uid; gid_t gid; @@ -350,10 +351,12 @@ public: void acquire(); void release(); - uid_t getUID(); - uid_t getGID(); + string getUser() { return user; } + uid_t getUID() { return uid; } + uid_t getGID() { return gid; } - bool enabled(); + bool enabled() { return uid != 0; } + }; @@ -420,6 +423,7 @@ void UserLock::acquire() if (lockFile(fd, ltWrite, false)) { fdUserLock = fd.borrow(); lockedPaths.insert(fnUserLock); + user = *i; uid = pw->pw_uid; /* Sanity check... */ @@ -448,24 +452,6 @@ void UserLock::release() } -uid_t UserLock::getUID() -{ - return uid; -} - - -uid_t UserLock::getGID() -{ - return gid; -} - - -bool UserLock::enabled() -{ - return uid != 0; -} - - static bool amPrivileged() { return geteuid() == 0; @@ -1351,6 +1337,7 @@ void DerivationGoal::startBuilder() Path program = drv.builder.c_str(); std::vector<const char *> args; /* careful with c_str()! */ + string user; /* must be here for its c_str()! */ /* If we are running in `build-users' mode, then switch to the user we allocated above. Make sure that we drop @@ -1381,7 +1368,8 @@ void DerivationGoal::startBuilder() program = nixLibexecDir + "/nix-setuid-helper"; args.push_back(program.c_str()); args.push_back("run-builder"); - args.push_back("nix-builder-1"); /* !!! TODO */ + user = buildUser.getUser().c_str(); + args.push_back(user.c_str()); args.push_back(drv.builder.c_str()); } } |