diff options
Diffstat (limited to 'nix')
| -rw-r--r-- | nix/libstore/build.cc | 10 | ||||
| -rw-r--r-- | nix/libstore/gc.cc | 7 | ||||
| -rw-r--r-- | nix/libstore/local-store.cc | 20 | ||||
| -rw-r--r-- | nix/libstore/local-store.hh | 2 | ||||
| -rw-r--r-- | nix/libstore/store-api.hh | 4 | ||||
| -rw-r--r-- | nix/nix-daemon/nix-daemon.cc | 24 |
6 files changed, 51 insertions, 16 deletions
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc index 74cd05417f..17e92c68a7 100644 --- a/nix/libstore/build.cc +++ b/nix/libstore/build.cc @@ -51,11 +51,6 @@ #include <sched.h> #endif -/* In GNU libc 2.11, <sys/mount.h> does not define `MS_PRIVATE', but - <linux/fs.h> does. */ -#if !defined MS_PRIVATE && defined HAVE_LINUX_FS_H -#include <linux/fs.h> -#endif #define CHROOT_ENABLED HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS) && defined(SYS_pivot_root) @@ -947,6 +942,11 @@ void DerivationGoal::killChild() assert(pid == -1); } + /* If there was a build hook involved, remove it from the worker's + children. */ + if (hook && hook->pid != -1) { + worker.childTerminated(hook->pid); + } hook.reset(); } diff --git a/nix/libstore/gc.cc b/nix/libstore/gc.cc index c466996668..fe152da015 100644 --- a/nix/libstore/gc.cc +++ b/nix/libstore/gc.cc @@ -620,10 +620,9 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results) foreach (Roots::iterator, i, rootMap) state.roots.insert(i->second); - /* Add additional roots returned by the program specified by the - NIX_ROOT_FINDER environment variable. This is typically used - to add running programs to the set of roots (to prevent them - from being garbage collected). */ + /* Add additional roots returned by 'guix gc --list-busy'. This is + typically used to add running programs to the set of roots (to prevent + them from being garbage collected). */ if (!options.ignoreLiveness) addAdditionalRoots(*this, state.roots); diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc index 3b08492c64..7a520925e5 100644 --- a/nix/libstore/local-store.cc +++ b/nix/libstore/local-store.cc @@ -28,11 +28,8 @@ #include <sys/mount.h> #endif -#if HAVE_LINUX_FS_H -#include <linux/fs.h> #include <sys/ioctl.h> #include <errno.h> -#endif #include <sqlite3.h> @@ -88,8 +85,9 @@ LocalStore::LocalStore(bool reserveSpace) Path perUserDir = profilesDir + "/per-user"; createDirs(perUserDir); - if (chmod(perUserDir.c_str(), 01777) == -1) - throw SysError(format("could not set permissions on '%1%' to 1777") % perUserDir); + if (chmod(perUserDir.c_str(), 0755) == -1) + throw SysError(format("could not set permissions on '%1%' to 755") + % perUserDir); mode_t perm = 01775; @@ -1642,4 +1640,16 @@ void LocalStore::vacuumDB() } +void LocalStore::createUser(const std::string & userName, uid_t userId) +{ + auto dir = settings.nixStateDir + "/profiles/per-user/" + userName; + + createDirs(dir); + if (chmod(dir.c_str(), 0755) == -1) + throw SysError(format("changing permissions of directory '%s'") % dir); + if (chown(dir.c_str(), userId, -1) == -1) + throw SysError(format("changing owner of directory '%s'") % dir); +} + + } diff --git a/nix/libstore/local-store.hh b/nix/libstore/local-store.hh index 4113fafcb5..2e48cf03e6 100644 --- a/nix/libstore/local-store.hh +++ b/nix/libstore/local-store.hh @@ -180,6 +180,8 @@ public: void setSubstituterEnv(); + void createUser(const std::string & userName, uid_t userId); + private: Path schemaPath; diff --git a/nix/libstore/store-api.hh b/nix/libstore/store-api.hh index 2d9dcbd573..7d2ad2270d 100644 --- a/nix/libstore/store-api.hh +++ b/nix/libstore/store-api.hh @@ -289,6 +289,10 @@ public: /* Check the integrity of the Nix store. Returns true if errors remain. */ virtual bool verifyStore(bool checkContents, bool repair) = 0; + + /* Create a profile for the given user. This is done by the daemon + because the 'profiles/per-user' directory is not writable by users. */ + virtual void createUser(const std::string & userName, uid_t userId) = 0; }; diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index 1163a249d1..3dd156ba77 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -613,6 +613,17 @@ static void performOp(bool trusted, unsigned int clientVersion, || name == "build-repeat" || name == "multiplexed-build-output") settings.set(name, value); + else if (name == "user-name" + && settings.clientUid == (uid_t) -1) { + /* Create the user profile. This is necessary if + clientUid = -1, for instance because the client + connected over TCP. */ + struct passwd *pw = getpwnam(value.c_str()); + if (pw != NULL) + store->createUser(value, pw->pw_uid); + else + printMsg(lvlInfo, format("user name %1% not found") % value); + } else settings.set(trusted ? name : "untrusted-" + name, value); } @@ -731,7 +742,7 @@ static void performOp(bool trusted, unsigned int clientVersion, } -static void processConnection(bool trusted) +static void processConnection(bool trusted, uid_t userId) { canSendStderr = false; _writeToStderr = tunnelStderr; @@ -778,6 +789,15 @@ static void processConnection(bool trusted) /* Open the store. */ store = std::shared_ptr<StoreAPI>(new LocalStore(reserveSpace)); + if (userId != (uid_t) -1) { + /* Create the user profile. */ + struct passwd *pw = getpwuid(userId); + if (pw != NULL && pw->pw_name != NULL) + store->createUser(pw->pw_name, userId); + else + printMsg(lvlInfo, format("user with UID %1% not found") % userId); + } + stopWork(); to.flush(); @@ -963,7 +983,7 @@ static void acceptConnection(int fdSocket) /* Handle the connection. */ from.fd = remote; to.fd = remote; - processConnection(trusted); + processConnection(trusted, clientUid); exit(0); }, false, "unexpected build daemon error: ", true); |