about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--src/libstore/build.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index f38d2eaa0cde..8397cd0d1dd7 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -466,8 +466,12 @@ void handleDiffHook(bool allowVfork, uid_t uid, uid_t gid, Path tryA, Path tryB,
     auto diffHook = settings.diffHook;
     if (diffHook != "" && settings.runDiffHook) {
         auto wrapper = [&]() {
+            if (chdir("/") == -1)
+                throw SysError("chdir / failed");
             if (setgid(gid) == -1)
                 throw SysError("setgid failed");
+            if (setgroups(0, 0) == -1)
+                throw SysError("setgroups failed");
             if (setuid(uid) == -1)
                 throw SysError("setuid failed");