From 522ecab9b83902de5a3010b50b9532e376cbba4c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 3 Oct 2012 17:30:45 -0400 Subject: Drop support for running nix-worker in "slave" mode AFAIK nobody uses this, setuid binaries are evil, and there is no good reason why people can't just run the daemon. --- src/libstore/remote-store.cc | 58 +++----------------------------------------- 1 file changed, 3 insertions(+), 55 deletions(-) (limited to 'src/libstore/remote-store.cc') diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc index 08e409d3f058..16b5db80822f 100644 --- a/src/libstore/remote-store.cc +++ b/src/libstore/remote-store.cc @@ -50,16 +50,12 @@ void RemoteStore::openConnection(bool reserveSpace) string remoteMode = getEnv("NIX_REMOTE"); - if (remoteMode == "slave") - /* Fork off a setuid worker to do the privileged work. */ - forkSlave(); - else if (remoteMode == "daemon") + if (remoteMode == "daemon") /* Connect to a daemon that does the privileged work for us. */ - connectToDaemon(); + connectToDaemon(); else - throw Error(format("invalid setting for NIX_REMOTE, `%1%'") - % remoteMode); + throw Error(format("invalid setting for NIX_REMOTE, `%1%'") % remoteMode); from.fd = fdSocket; to.fd = fdSocket; @@ -88,54 +84,6 @@ void RemoteStore::openConnection(bool reserveSpace) } -void RemoteStore::forkSlave() -{ - int sockets[2]; - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) == -1) - throw SysError("cannot create sockets"); - - fdSocket = sockets[0]; - AutoCloseFD fdChild = sockets[1]; - - /* Start the worker. */ - Path worker = getEnv("NIX_WORKER"); - if (worker == "") - worker = settings.nixBinDir + "/nix-worker"; - - child = fork(); - - switch (child) { - - case -1: - throw SysError("unable to fork"); - - case 0: - try { /* child */ - - if (dup2(fdChild, STDOUT_FILENO) == -1) - throw SysError("dupping write side"); - - if (dup2(fdChild, STDIN_FILENO) == -1) - throw SysError("dupping read side"); - - close(fdSocket); - close(fdChild); - - execlp(worker.c_str(), worker.c_str(), "--slave", NULL); - - throw SysError(format("executing `%1%'") % worker); - - } catch (std::exception & e) { - std::cerr << format("child error: %1%\n") % e.what(); - } - quickExit(1); - } - - fdChild.close(); - -} - - void RemoteStore::connectToDaemon() { fdSocket = socket(PF_UNIX, SOCK_STREAM, 0); -- cgit 1.4.1