Diffstat (limited to 'third_party/nix/src/nix/run.cc')
-rw-r--r--third_party/nix/src/nix/run.cc37
1 files changed, 25 insertions, 12 deletions
diff --git a/third_party/nix/src/nix/run.cc b/third_party/nix/src/nix/run.cc
index 64b883b9a316..523aa87472d6 100644
--- a/third_party/nix/src/nix/run.cc
+++ b/third_party/nix/src/nix/run.cc
@@ -31,8 +31,9 @@ struct CmdRun : InstallablesCommand {
         .labels({"command", "args"})
         .arity(ArityAny)
         .handler([&](std::vector<std::string> ss) {
-          if (ss.empty())
+          if (ss.empty()) {
             throw UsageError("--command requires at least one argument");
+          }
           command = ss;
         });
 
@@ -87,9 +88,10 @@ struct CmdRun : InstallablesCommand {
     auto accessor = store->getFSAccessor();
 
     if (ignoreEnvironment) {
-      if (!unset.empty())
+      if (!unset.empty()) {
         throw UsageError(
             "--unset does not make sense with --ignore-environment");
+      }
 
       std::map<std::string, std::string> kept;
       for (auto& var : keep) {
@@ -106,9 +108,10 @@ struct CmdRun : InstallablesCommand {
       }
 
     } else {
-      if (!keep.empty())
+      if (!keep.empty()) {
         throw UsageError(
             "--keep does not make sense without --ignore-environment");
+      }
 
       for (auto& var : unset) {
         unsetenv(var.c_str());
@@ -191,17 +194,21 @@ void chrootHelper(int argc, char** argv) {
   std::string realStoreDir = argv[p++];
   std::string cmd = argv[p++];
   Strings args;
-  while (p < argc) args.push_back(argv[p++]);
+  while (p < argc) {
+    args.push_back(argv[p++]);
+  }
 
 #if __linux__
   uid_t uid = getuid();
   uid_t gid = getgid();
 
-  if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1)
+  if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1) {
     /* Try with just CLONE_NEWNS in case user namespaces are
        specifically disabled. */
-    if (unshare(CLONE_NEWNS) == -1)
+    if (unshare(CLONE_NEWNS) == -1) {
       throw SysError("setting up a private mount namespace");
+    }
+  }
 
   /* Bind-mount realStoreDir on /nix/store. If the latter mount
      point doesn't already exists, we have to create a chroot
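Review bot: The fallback to `unshare(CLONE_NEWNS)` does not record that no user namespace was created, yet the last hunk still writes `/proc/self/setgroups` and `/proc/self/uid_map` unconditionally. Outside a freshly created user namespace the kernel normally rejects those writes, so the fallback path probably fails later with a less helpful error than the one thrown here. Consider keeping the outcome, e.g. `bool newUserNs = unshare(CLONE_NEWUSER | CLONE_NEWNS) != -1;`, and guarding the map writes with it. Separately, `uid_t gid = getgid();` should be declared as `gid_t gid`. The body of chrootHelper starts and ends outside this hunk, so whether `argc` is checked before the `argv[p++]` reads cannot be seen from here.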
@@ -218,8 +225,9 @@ void chrootHelper(int argc, char** argv) {
     createDirs(tmpDir + storeDir);
 
     if (mount(realStoreDir.c_str(), (tmpDir + storeDir).c_str(), "", MS_BIND,
-              0) == -1)
+              0) == -1) {
       throw SysError("mounting '%s' on '%s'", realStoreDir, storeDir);
+    }
 
     for (auto entry : readDirectory("/")) {
       auto src = "/" + entry.name;
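Review bot: The error raised when the bind mount fails names `storeDir` as the target, but the call actually mounts onto `tmpDir + storeDir`, so the message points at the wrong path when diagnosing a failed sandbox setup. Suggested: `throw SysError("mounting '%s' on '%s'", realStoreDir, tmpDir + storeDir);`. In the loop below, `for (auto entry : readDirectory("/"))` copies each entry; `for (const auto& entry : ...)` avoids that. The enclosing `if` block and the loop body continue outside this hunk.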
@@ -231,10 +239,12 @@ void chrootHelper(int argc, char** argv) {
       if (pathExists(dst)) {
         continue;
       }
-      if (mkdir(dst.c_str(), 0700) == -1)
+      if (mkdir(dst.c_str(), 0700) == -1) {
         throw SysError("creating directory '%s'", dst);
-      if (mount(src.c_str(), dst.c_str(), "", MS_BIND | MS_REC, 0) == -1)
+      }
+      if (mount(src.c_str(), dst.c_str(), "", MS_BIND | MS_REC, 0) == -1) {
         throw SysError("mounting '%s' on '%s'", src, dst);
+      }
     }
 
     char* cwd = getcwd(0, 0);
@@ -243,14 +253,17 @@ void chrootHelper(int argc, char** argv) {
     }
     Finally freeCwd([&]() { free(cwd); });
 
-    if (chroot(tmpDir.c_str()) == -1)
+    if (chroot(tmpDir.c_str()) == -1) {
       throw SysError(format("chrooting into '%s'") % tmpDir);
+    }
 
-    if (chdir(cwd) == -1)
+    if (chdir(cwd) == -1) {
       throw SysError(format("chdir to '%s' in chroot") % cwd);
+    }
   } else if (mount(realStoreDir.c_str(), storeDir.c_str(), "", MS_BIND, 0) ==
-             -1)
+             -1) {
     throw SysError("mounting '%s' on '%s'", realStoreDir, storeDir);
+  }
 
   writeFile("/proc/self/setgroups", "deny");
   writeFile("/proc/self/uid_map", fmt("%d %d %d", uid, uid, 1));
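Review bot: The two throws after `chroot` and `chdir` build their message with `format("...") % arg`, while every other `SysError` in this function uses the variadic form; since these lines are being touched anyway, they could be made consistent, e.g. `throw SysError("chrooting into '%s'", tmpDir);` and `throw SysError("chdir to '%s' in chroot", cwd);`. A short comment above the `chdir(cwd)` call noting that the working directory is re-entered after `chroot`, so the process does not keep a directory reference outside the new root, would also help readers. The function continues past the end of this hunk.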