nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-12-04 08:00:59 +01:00
Code Activity

Always attempt setgroups but allow failure to be ignored.

Browse source
This commit is contained in:
Ben Radford 2023-07-11 10:44:03 +01:00
parent 25b20b4ad2
commit 07dabcc90e
No known key found for this signature in database
GPG key ID: 9DF5D4640AB888D5
3 changed files with 11 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/libstore/build/local-derivation-goal.cc
View file

@ -909,9 +909,12 @@ void LocalDerivationGoal::startBuilder()
/* Drop additional groups here because we can't do it
after we've created the new user namespace. */
if (settings.dropSupplementaryGroups)
if (setgroups(0, 0) == -1)
throw SysError("setgroups failed. Set the drop-supplementary-groups option to false to skip this step.");
if (setgroups(0, 0) == -1) {
if (errno != EPERM)
throw SysError("setgroups failed");
if (settings.requireDropSupplementaryGroups)
throw Error("setgroups failed. Set the require-drop-supplementary-groups option to false to skip this step.");
}
ProcessOptions options;
options.cloneFlags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_PARENT | SIGCHLD;