nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-15 23:12:44 +01:00
Code Activity

canonicalisePathMetaData(): Ignore security.selinux attribute

Browse source 
Untested, hopefully fixes #1406.

(cherry picked from commit 88b291ffc4)
This commit is contained in:
Eelco Dolstra 2017-06-14 11:41:03 +02:00
parent 1e4885e316
commit 35ea3d62dc
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/libstore/local-store.cc
View file

@ -592,10 +592,14 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe
if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0)
throw SysError(format("querying extended attributes of %s") % path);
for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1)))
for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) {
/* Ignore SELinux security labels since these cannot be
removed even by root. */
if (eaName == "security.selinux") continue;
if (lremovexattr(path.c_str(), eaName.c_str()) == -1)
throw SysError(format("removing extended attribute %s from %s") % eaName % path);
}
}
#endif
/* Fail if the file is not owned by the build user. This prevents