Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2006-12-07 | * Be less verbose. | Eelco Dolstra | 1 | -1/+1 | |
2006-12-07 | * Rename all those main.cc files. | Eelco Dolstra | 10 | -5/+5 | |
2006-12-07 | * Check for lchown. | Eelco Dolstra | 2 | -9/+8 | |
2006-12-07 | * Don't count on the Pid deconstructor to kill the child process, | Eelco Dolstra | 1 | -2/+14 | |
since if we're running a build user in non-root mode, we can't. Let the setuid helper do it. | |||||
2006-12-07 | * Move setuidCleanup() to libutil. | Eelco Dolstra | 5 | -27/+23 | |
2006-12-07 | * If not running as root, let the setuid helper kill the build user's | Eelco Dolstra | 2 | -31/+69 | |
processes before and after the build. | |||||
2006-12-07 | * In the garbage collector, if deleting a path fails, try to fix its | Eelco Dolstra | 3 | -6/+31 | |
ownership, then try again. | |||||
2006-12-07 | * When not running as root, call the setuid helper to change the | Eelco Dolstra | 2 | -7/+13 | |
ownership of the build result after the build. | |||||
2006-12-07 | * Change the ownership of store paths to the Nix account before | Eelco Dolstra | 3 | -38/+104 | |
deleting them using the setuid helper. | |||||
2006-12-07 | * Pass the actual build user to the setuid helper. | Eelco Dolstra | 1 | -22/+10 | |
2006-12-07 | * If Nix is not running as root, call the setuid helper to start the | Eelco Dolstra | 2 | -26/+41 | |
builder under the desired build user. | |||||
2006-12-07 | * Sanity check. | Eelco Dolstra | 1 | -1/+7 | |
2006-12-07 | * Move killUser() to libutil so that the setuid helper can use it. | Eelco Dolstra | 3 | -48/+79 | |
2006-12-06 | * Change the ownership of the current directory to the build user. | Eelco Dolstra | 1 | -3/+16 | |
2006-12-06 | * Verify that the desired target user is in the build users group (as | Eelco Dolstra | 1 | -10/+43 | |
specified in the setuid config file). | |||||
2006-12-06 | * Check that the caller is allowed to call the setuid helper. The | Eelco Dolstra | 1 | -12/+49 | |
allowed uid is specified in a configuration file in /etc/nix-setuid.conf. | |||||
2006-12-06 | * Urgh. | Eelco Dolstra | 1 | -1/+1 | |
2006-12-06 | * Fix the safety check. | Eelco Dolstra | 1 | -2/+2 | |
2006-12-06 | * Oops. | Eelco Dolstra | 1 | -1/+1 | |
2006-12-06 | * Get rid of `build-users'. We'll just take all the members of | Eelco Dolstra | 3 | -64/+86 | |
`build-users-group'. This makes configuration easier: you can just add users in /etc/group. | |||||
2006-12-06 | * nix-setuid-helper: allow running programs under a different uid. | Eelco Dolstra | 3 | -11/+140 | |
2006-12-06 | * Start of the setuid helper (the program that performs the operations | Eelco Dolstra | 5 | -4/+18 | |
that have to be done as root: running builders under different uids, changing ownership of build results, and deleting paths in the store with the wrong ownership). | |||||
2006-12-05 | * Be less chatty. | Eelco Dolstra | 1 | -2/+2 | |
2006-12-05 | * Urgh. Do setgid() before setuid(), because the semantics of setgid() | Eelco Dolstra | 1 | -4/+4 | |
changes completely depending on whether you're root... | |||||
2006-12-05 | * Tricky: child processes should not send data to the client since | Eelco Dolstra | 1 | -2/+10 | |
that might mess up the protocol. And besides, the socket file descriptor is probably closed. | |||||
2006-12-05 | * FreeBSD returns ESRCH when there are no processes to kill. | Eelco Dolstra | 1 | -4/+8 | |
2006-12-05 | * Oops! In daemon mode, we can't run as root either if build-users is empty. | Eelco Dolstra | 1 | -2/+2 | |
2006-12-05 | * Use an explicit handler for SIGCHLD, since SIG_IGN doesn't do the | Eelco Dolstra | 1 | -3/+15 | |
right thing on FreeBSD 4 (it leaves zombies). | |||||
2006-12-05 | * Better message. | Eelco Dolstra | 1 | -1/+1 | |
2006-12-05 | * Ugly hack to handle spurious SIGPOLLs. | Eelco Dolstra | 1 | -20/+50 | |
2006-12-05 | * Some renaming. | Eelco Dolstra | 1 | -6/+6 | |
2006-12-05 | * Redundant. | Eelco Dolstra | 4 | -130/+0 | |
2006-12-05 | * Allow unprivileged users to run the garbage collector and to do | Eelco Dolstra | 16 | -56/+106 | |
`nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well. | |||||
2006-12-05 | * The determination of the root set should be made by the privileged | Eelco Dolstra | 9 | -77/+138 | |
process, so forward the operation. * Spam the user about GC misconfigurations (NIX-71). * findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough. | |||||
2006-12-05 | * findRoots: return a map from the symlink (outside of the store) to | Eelco Dolstra | 1 | -11/+16 | |
the store path (inside the store). | |||||
2006-12-05 | * In addPermRoot, check that the root that we just registered can be | Eelco Dolstra | 2 | -18/+42 | |
found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores. | |||||
2006-12-04 | * Add indirect root registration to the protocol so that unprivileged | Eelco Dolstra | 7 | -6/+42 | |
processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root... | |||||
2006-12-04 | * Not every OS knows about SIGPOLL. | Eelco Dolstra | 1 | -0/+5 | |
2006-12-04 | * Don't redirect stderr. | Eelco Dolstra | 1 | -6/+0 | |
2006-12-04 | * Handle exceptions and stderr for all protocol functions. | Eelco Dolstra | 2 | -19/+64 | |
* SIGIO -> SIGPOLL (POSIX calls it that). * Use sigaction instead of signal to register the SIGPOLL handler. Sigaction is better defined, and a handler registered with signal appears not to interrupt fcntl(..., F_SETLKW, ...), which is bad. | |||||
2006-12-04 | * Daemon mode (`nix-worker --daemon'). Clients connect to the server | Eelco Dolstra | 7 | -53/+182 | |
via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes. | |||||
2006-12-04 | * When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socket | Eelco Dolstra | 3 | -8/+37 | |
instead of forking a worker. | |||||
2006-12-04 | * Refactoring. | Eelco Dolstra | 3 | -17/+33 | |
2006-12-04 | * Pass the verbosity level to the worker. | Eelco Dolstra | 1 | -2/+8 | |
2006-12-04 | * Install the worker in bindir, not libexecdir. | Eelco Dolstra | 6 | -2/+11 | |
* Allow the worker path to be overriden through the NIX_WORKER environment variable. | |||||
2006-12-03 | * Doh. | Eelco Dolstra | 2 | -1/+4 | |
2006-12-03 | * Don't run setuid root when build-users is empty. | Eelco Dolstra | 3 | -26/+51 | |
* Send startup errors to the client. | |||||
2006-12-03 | * Removed `build-allow-root'. | Eelco Dolstra | 5 | -39/+61 | |
* Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owner by the build-users-group. | |||||
2006-12-03 | * Use setreuid if setresuid is not available. | Eelco Dolstra | 2 | -7/+17 | |
2006-12-03 | * Handle a subtle race condition: the client closing the socket | Eelco Dolstra | 1 | -2/+30 | |
between the last worker read/write and the enabling of the signal handler. |