mirror of
https://github.com/NixOS/nix.git
synced 2025-11-16 23:42:43 +01:00
Drop support for running nix-worker in "slave" mode
AFAIK nobody uses this, setuid binaries are evil, and there is no good reason why people can't just run the daemon.
This commit is contained in:
Eelco Dolstra
parent
7586095504
commit
522ecab9b8
6 changed files with 9 additions and 146 deletions
|
|
@ -50,16 +50,12 @@ void RemoteStore::openConnection(bool reserveSpace)
|
|||
|
||||
string remoteMode = getEnv("NIX_REMOTE");
|
||||
|
||||
if (remoteMode == "slave")
|
||||
/* Fork off a setuid worker to do the privileged work. */
|
||||
forkSlave();
|
||||
else if (remoteMode == "daemon")
|
||||
if (remoteMode == "daemon")
|
||||
/* Connect to a daemon that does the privileged work for
|
||||
us. */
|
||||
connectToDaemon();
|
||||
connectToDaemon();
|
||||
else
|
||||
throw Error(format("invalid setting for NIX_REMOTE, `%1%'")
|
||||
% remoteMode);
|
||||
throw Error(format("invalid setting for NIX_REMOTE, `%1%'") % remoteMode);
|
||||
|
||||
from.fd = fdSocket;
|
||||
to.fd = fdSocket;
|
||||
|
|
@ -88,54 +84,6 @@ void RemoteStore::openConnection(bool reserveSpace)
|
|||
}
|
||||
|
||||
|
||||
void RemoteStore::forkSlave()
|
||||
{
|
||||
int sockets[2];
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) == -1)
|
||||
throw SysError("cannot create sockets");
|
||||
|
||||
fdSocket = sockets[0];
|
||||
AutoCloseFD fdChild = sockets[1];
|
||||
|
||||
/* Start the worker. */
|
||||
Path worker = getEnv("NIX_WORKER");
|
||||
if (worker == "")
|
||||
worker = settings.nixBinDir + "/nix-worker";
|
||||
|
||||
child = fork();
|
||||
|
||||
switch (child) {
|
||||
|
||||
case -1:
|
||||
throw SysError("unable to fork");
|
||||
|
||||
case 0:
|
||||
try { /* child */
|
||||
|
||||
if (dup2(fdChild, STDOUT_FILENO) == -1)
|
||||
throw SysError("dupping write side");
|
||||
|
||||
if (dup2(fdChild, STDIN_FILENO) == -1)
|
||||
throw SysError("dupping read side");
|
||||
|
||||
close(fdSocket);
|
||||
close(fdChild);
|
||||
|
||||
execlp(worker.c_str(), worker.c_str(), "--slave", NULL);
|
||||
|
||||
throw SysError(format("executing `%1%'") % worker);
|
||||
|
||||
} catch (std::exception & e) {
|
||||
std::cerr << format("child error: %1%\n") % e.what();
|
||||
}
|
||||
quickExit(1);
|
||||
}
|
||||
|
||||
fdChild.close();
|
||||
|
||||
}
|
||||
|
||||
|
||||
void RemoteStore::connectToDaemon()
|
||||
{
|
||||
fdSocket = socket(PF_UNIX, SOCK_STREAM, 0);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue