nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-12-22 17:01:08 +01:00
Code Activity

libstore: include path in the world-writable error

Browse source 
The previous error message was ambiguous about which specific directory failed the check.

This commit updates checkNotWorldWritable to return the failing path so it can be included in the error message, making debugging easier.

(cherry picked from commit a1e24fa6ce)
This commit is contained in:
yawkar 2025-12-13 19:45:19 +03:00 committed by github-actions[bot]
parent 4fecbf8a9a
commit db39278d61
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/libstore/unix/build/derivation-builder.cc
View file

@ -652,17 +652,17 @@ static void handleChildException(bool sendException)
}
}
static bool checkNotWorldWritable(std::filesystem::path path)
static void checkNotWorldWritable(std::filesystem::path path)
{
while (true) {
auto st = lstat(path);
if (st.st_mode & S_IWOTH)
return false;
throw Error("Path %s is world-writable or a symlink. That's not allowed for security.", path);
if (path == path.parent_path())
break;
path = path.parent_path();
}
return true;
return;
}
void DerivationBuilderImpl::startBuilder()
@ -700,9 +700,8 @@ void DerivationBuilderImpl::startBuilder()
createDirs(buildDir);
if (buildUser && !checkNotWorldWritable(buildDir))
throw Error(
"Path %s or a parent directory is world-writable or a symlink. That's not allowed for security.", buildDir);
if (buildUser)
checkNotWorldWritable(buildDir);
/* Create a temporary directory where the build will take
place. */