From 786ee585b8cb0088db1a2e5d92db5fc199d9cb89 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 22 Dec 2016 17:38:42 +0100
Subject: Add comment
---
 src/libstore/build.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/libstore')
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index c970fbdcaa65..eaa9128d8f37 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2165,7 +2165,8 @@ void DerivationGoal::startBuilder()
 namespace, we can't drop additional groups; they will be mapped to nogroup in the child namespace. There does not seem to be a workaround for this. (But who can tell
- from reading user_namespaces(7)?)*/
+ from reading user_namespaces(7)?)
+ See also https://lwn.net/Articles/621612/. */
 if (getuid() == 0 && setgroups(0, 0) == -1) throw SysError("setgroups failed");
-- cgit 1.4.1
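Review bot: The added `See also` line is a bare URL, so the comment still does not say what the reference covers or what the FIXME means for build isolation. I would name the topic inline, e.g. `See also https://lwn.net/Articles/621612/ (setgroups() in user namespaces).`, so the pointer survives link rot. The comment should also state the consequence of the `getuid() == 0` guard on the next line: when the parent is not root, the builder keeps the caller's supplementary groups, and although they show up as nogroup inside the namespace, group-based file permissions presumably still apply to the build process. That is worth stating explicitly as a known sandbox limitation rather than leaving it implied. The enclosing startBuilder() body begins and ends outside this hunk, so whether a non-root run warns about this elsewhere is not visible here.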