wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-01 16:41:47 +02:00
Code Activity

AllowListInputAccessor: Clarify that the "allowed paths" are actually allowed prefixes

Browse source 
E.g. adding "/" will allow access to the root and *everything below it*.

(cherry picked from commit d52d91fe7a)
This commit is contained in:
Eelco Dolstra 2024-02-20 11:21:28 +01:00 committed by github-actions[bot]
parent 7599d4bbed
commit 2e78ef5612
3 changed files with 15 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libexpr/eval.cc
View file

@ -507,13 +507,13 @@ EvalState::~EvalState()
void EvalState::allowPath(const Path & path)
{
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
rootFS2->allowPath(CanonPath(path));
rootFS2->allowPrefix(CanonPath(path));
}
void EvalState::allowPath(const StorePath & storePath)
{
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
rootFS2->allowPath(CanonPath(store->toRealPath(storePath)));
rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
}
void EvalState::allowAndSetStorePathString(const StorePath & storePath, Value & v)