Split LinuxDerivationBuilder

This restores doing seccomp/personality initialization even when sandboxing is disabled. https://hydra.nixos.org/build/298482132
2025-06-24 22:11:15 +02:00 · 2025-05-29 21:57:25 +02:00 · 2025-05-29 21:57:25 +02:00 · 4dc419eaec
commit 4dc419eaec
parent b7fd872147
2 changed files with 20 additions and 7 deletions
--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@ -2157,7 +2157,7 @@ std::unique_ptr<DerivationBuilder> makeDerivationBuilder(
    }

    if (useSandbox)
-        return std::make_unique<LinuxDerivationBuilder>(
+        return std::make_unique<ChrootLinuxDerivationBuilder>(
            store,
            std::move(miscMethods),
            std::move(params));
@ -2172,6 +2172,11 @@ std::unique_ptr<DerivationBuilder> makeDerivationBuilder(
        std::move(miscMethods),
        std::move(params),
        useSandbox);
+    #elif defined(__linux__)
+    return std::make_unique<LinuxDerivationBuilder>(
+        store,
+        std::move(miscMethods),
+        std::move(params));
    #else
    if (useSandbox)
        throw Error("sandboxing builds is not supported on this platform");
--- a/src/libstore/unix/build/linux-derivation-builder.cc
+++ b/src/libstore/unix/build/linux-derivation-builder.cc
@ -154,6 +154,18 @@ static void doBind(const Path & source, const Path & target, bool optional = fal
 }

 struct LinuxDerivationBuilder : DerivationBuilderImpl
+{
+    using DerivationBuilderImpl::DerivationBuilderImpl;
+
+    void enterChroot() override
+    {
+        setupSeccomp();
+
+        linux::setPersonality(drv.platform);
+    }
+};
+
+struct ChrootLinuxDerivationBuilder : LinuxDerivationBuilder
 {
    /**
     * Pipe for synchronising updates to the builder namespaces.
@ -190,7 +202,7 @@ struct LinuxDerivationBuilder : DerivationBuilderImpl
     */
    std::optional<Path> cgroup;

-    using DerivationBuilderImpl::DerivationBuilderImpl;
+    using LinuxDerivationBuilder::LinuxDerivationBuilder;

    void deleteTmpDir(bool force) override
    {
@ -772,11 +784,7 @@ struct LinuxDerivationBuilder : DerivationBuilderImpl
        if (rmdir("real-root") == -1)
            throw SysError("cannot remove real-root directory");

-        // FIXME: move to LinuxDerivationBuilder
-        setupSeccomp();
-
-        // FIXME: move to LinuxDerivationBuilder
-        linux::setPersonality(drv.platform);
+        LinuxDerivationBuilder::enterChroot();
    }

    void setUser() override