mirror of https://github.com/NixOS/nix.git synced 2025-11-11 21:16:02 +01:00

Restore isAllowed check in ChrootLinuxDerivationBuilder

This early return was lost in d4ef822add.

By doing some
https://en.wikipedia.org/wiki/Non-virtual_interface_pattern, we can
ensure that we don't make this mistake again --- implementations are no
longer responsible for implementing the caching/memoization mechanism.

(cherry picked from commit 496e43ec72)
Sergei Zimmerman 2025-11-10 21:12:07 +03:00 committed by github-actions[bot]
parent 5b8c24fb31
commit 46a43dede9
3 changed files with 21 additions and 7 deletions


@ -52,7 +52,21 @@ struct RestrictionContext
* Add 'path' to the set of paths that may be referenced by the * Add 'path' to the set of paths that may be referenced by the
* outputs, and make it appear in the sandbox. * outputs, and make it appear in the sandbox.
*/ */
virtual void addDependency(const StorePath & path) = 0; void addDependency(const StorePath & path)
{
if (isAllowed(path))
return;
addDependencyImpl(path);
}
protected:
/**
* This is the underlying implementation to be defined. The caller
* will ensure that this is only called on newly added dependencies,
* and that idempotent calls are a no-op.
*/
virtual void addDependencyImpl(const StorePath & path) = 0;
}; };
/** /**
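Review bot: The doc comment above the now non-virtual `addDependency` still only says the path is added and made to appear in the sandbox; it should also say that the call returns early when `isAllowed(path)` already holds, for example `* No-op if 'path' is already allowed.`. The comment on `addDependencyImpl` should also state the obligation that stays with implementations: the wrapper only performs the check, so an override must record the path in whatever state `isAllowed` consults, or it will be invoked again for the same path. The `addedPaths.insert(path)` in `DerivationBuilderImpl::addDependencyImpl` looks like that step, though `isAllowed` itself is not shown on this page. Since this early return sits in front of the bind-mount into the build sandbox, a regression test that calls `addDependency` twice for one path on the chroot builder would guard the behaviour this commit restores. The chroot override further down appears to keep its own `isAllowed` check on the new side, which the wrapper makes redundant.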


@ -325,7 +325,7 @@ private:
protected: protected:
void addDependency(const StorePath & path) override; void addDependencyImpl(const StorePath & path) override;
/** /**
* Make a file owned by the builder. * Make a file owned by the builder.
@ -1181,11 +1181,8 @@ void DerivationBuilderImpl::stopDaemon()
daemonSocket.close(); daemonSocket.close();
} }
void DerivationBuilderImpl::addDependency(const StorePath & path) void DerivationBuilderImpl::addDependencyImpl(const StorePath & path)
{ {
if (isAllowed(path))
return;
addedPaths.insert(path); addedPaths.insert(path);
} }


@ -703,8 +703,11 @@ struct ChrootLinuxDerivationBuilder : ChrootDerivationBuilder, LinuxDerivationBu
DerivationBuilderImpl::killSandbox(getStats); DerivationBuilderImpl::killSandbox(getStats);
} }
void addDependency(const StorePath & path) override void addDependencyImpl(const StorePath & path) override
{ {
if (isAllowed(path))
return;
auto [source, target] = ChrootDerivationBuilder::addDependencyPrep(path); auto [source, target] = ChrootDerivationBuilder::addDependencyPrep(path);
/* Bind-mount the path into the sandbox. This requires /* Bind-mount the path into the sandbox. This requires