From 4390142315a0d6ed0f67712061498c68389ea3b7 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 15 Nov 2015 06:08:50 -0500 Subject: Use AutoDelete for sandbox profile file --- src/libstore/build.cc | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'src/libstore') diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 1dee1ca2cd65..6f662f81daaf 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -778,9 +778,13 @@ private: DirsInChroot dirsInChroot; typedef map Environment; Environment env; +#if SANDBOX_ENABLED typedef string SandboxProfile; SandboxProfile additionalSandboxProfile; + AutoDelete autoDelSandbox; +#endif + /* Hash rewriting. */ HashRewrites rewritesToTmp, rewritesFromTmp; typedef map RedirectedOutputs; @@ -2445,9 +2449,10 @@ void DerivationGoal::runChild() const char *builder = "invalid"; string sandboxProfile; - if (isBuiltin(*drv)) + if (isBuiltin(*drv)) { ; - else if (useChroot && SANDBOX_ENABLED) { +#if SANDBOX_ENABLED + } else if (useChroot) { /* Lots and lots and lots of file functions freak out if they can't stat their full ancestry */ PathSet ancestry; @@ -2527,16 +2532,20 @@ void DerivationGoal::runChild() debug("Generated sandbox profile:"); debug(sandboxProfile); - Path tmpProfile = createTempDir() + "/profile.sb"; - writeFile(tmpProfile, sandboxProfile); + Path sandboxFile = drvPath + ".sb"; + if (pathExists(sandboxFile)) deletePath(sandboxFile); + autoDelSandbox = AutoDelete(sandboxFile); + + writeFile(sandboxFile, sandboxProfile); builder = "/usr/bin/sandbox-exec"; args.push_back("sandbox-exec"); args.push_back("-f"); - args.push_back(tmpProfile); + args.push_back(sandboxFile); args.push_back("-D"); args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir); args.push_back(drv->builder); +#endif } else { builder = drv->builder.c_str(); string builderBasename = baseNameOf(drv->builder); -- cgit 1.4.1 From 58d2fac91d0da7312e3ef147b6b290ea16031da8 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Mon, 16 Nov 2015 05:53:10 -0500 Subject: AutoDelete: Add default constructor with deletion disabled --- src/libstore/build.cc | 2 +- src/libutil/util.cc | 8 ++++++++ src/libutil/util.hh | 2 ++ 3 files changed, 11 insertions(+), 1 deletion(-) (limited to 'src/libstore') diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 6f662f81daaf..6112d528cce5 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -2534,7 +2534,7 @@ void DerivationGoal::runChild() Path sandboxFile = drvPath + ".sb"; if (pathExists(sandboxFile)) deletePath(sandboxFile); - autoDelSandbox = AutoDelete(sandboxFile); + autoDelSandbox.reset(sandboxFile, false); writeFile(sandboxFile, sandboxProfile); diff --git a/src/libutil/util.cc b/src/libutil/util.cc index 27116fd18297..84f578eec355 100644 --- a/src/libutil/util.cc +++ b/src/libutil/util.cc @@ -599,6 +599,8 @@ string drainFD(int fd) ////////////////////////////////////////////////////////////////////// +AutoDelete::AutoDelete() : del{false} {} + AutoDelete::AutoDelete(const string & p, bool recursive) : path(p) { del = true; @@ -626,6 +628,12 @@ void AutoDelete::cancel() del = false; } +void AutoDelete::reset(const Path & p, bool recursive = true) { + this-> p = p; + this->recursive = recursive; + del = true; +} + ////////////////////////////////////////////////////////////////////// diff --git a/src/libutil/util.hh b/src/libutil/util.hh index 23d01e9a6ca0..f4026a0a884b 100644 --- a/src/libutil/util.hh +++ b/src/libutil/util.hh @@ -199,9 +199,11 @@ class AutoDelete bool del; bool recursive; public: + AutoDelete(); AutoDelete(const Path & p, bool recursive = true); ~AutoDelete(); void cancel(); + void reset(const Path & p, bool recursive = true); operator Path() const { return path; } }; -- cgit 1.4.1