diff options
| -rw-r--r-- | src/libstore/build.cc | 15 | ||||
| -rw-r--r-- | src/libstore/local-store.cc | 13 | ||||
| -rw-r--r-- | src/libstore/local-store.hh | 9 |
3 files changed, 31 insertions, 6 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index c4ff628914..7ae0dd4ec4 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -452,12 +452,18 @@ void UserLock::release() } -static bool amPrivileged() +bool amPrivileged() { return geteuid() == 0; } +bool haveBuildUsers() +{ + return querySetting("build-users-group", "") != ""; +} + + static void killUserWrapped(uid_t uid) { if (amPrivileged()) @@ -468,7 +474,7 @@ static void killUserWrapped(uid_t uid) } -static void getOwnership(const Path & path) +void getOwnership(const Path & path) { string program = nixLibexecDir + "/nix-setuid-helper"; @@ -513,8 +519,7 @@ static void deletePathWrapped(const Path & path) /* When using build users and we're not root, we may not have sufficient permission to delete the path. So use the setuid helper to change ownership to us. */ - if (querySetting("build-users-group", "") != "" - || !amPrivileged()) + if (haveBuildUsers() && !amPrivileged()) getOwnership(path); deletePath(path); } @@ -1320,7 +1325,7 @@ void DerivationGoal::startBuilder() /* If `build-users-group' is not empty, then we have to build as one of the members of that group. */ - if (querySetting("build-users-group", "") != "") { + if (haveBuildUsers()) { buildUser.acquire(); assert(buildUser.getUID() != 0); assert(buildUser.getGID() != 0); diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index 143f093e5b..2378002097 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -710,7 +710,18 @@ void deleteFromStore(const Path & _path, unsigned long long & bytesFreed) } txn.commit(); - deletePath(path, bytesFreed); + try { + /* First try to delete it ourselves. */ + deletePath(path, bytesFreed); + } catch (SysError & e) { + /* If this failed due to a permission error, then try it with + the setuid helper. */ + if (haveBuildUsers() && !amPrivileged()) { + getOwnership(path); + deletePath(path, bytesFreed); + } else + throw; + } } diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index 58bb70d0e4..6e2350abef 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -139,6 +139,15 @@ void deleteFromStore(const Path & path, unsigned long long & bytesFreed); void verifyStore(bool checkContents); +/* Whether we are in build users mode. */ +bool haveBuildUsers(); + +/* Whether we are root. */ +bool amPrivileged(); + +/* Recursively change the ownership of `path' to the current uid. */ +void getOwnership(const Path & path); + } |