From 851b47bd7de35f4464a67c991d55cbcb07230edc Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Wed, 10 Dec 2014 18:01:01 +0100
Subject: Don't do vfork in conjunction with setuid

---
 src/libstore/build.cc | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/libstore')

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index ab8923bbdc47..36436d7eb2cd 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1914,6 +1914,8 @@ void DerivationGoal::startBuilder()
     builderOut.create();
 
     /* Fork a child to build the package. */
+    ProcessOptions options;
+    options.allowVfork = !buildUser.enabled();
     pid = startProcess([&]() {
         runChild();
     });
-- 
cgit 1.4.1