mirror of https://github.com/NixOS/nix synced 2025-06-25 02:21:16 +02:00

Split LinuxDerivationBuilder

This restores doing seccomp/personality initialization even when
sandboxing is disabled.

https://hydra.nixos.org/build/298482132
Eelco Dolstra 2025-05-29 21:57:25 +02:00
parent b7fd872147
commit 4dc419eaec
2 changed files with 20 additions and 7 deletions


@ -2157,7 +2157,7 @@ std::unique_ptr<DerivationBuilder> makeDerivationBuilder(
} }
if (useSandbox) if (useSandbox)
return std::make_unique<LinuxDerivationBuilder>( return std::make_unique<ChrootLinuxDerivationBuilder>(
store, store,
std::move(miscMethods), std::move(miscMethods),
std::move(params)); std::move(params));
@ -2172,6 +2172,11 @@ std::unique_ptr<DerivationBuilder> makeDerivationBuilder(
std::move(miscMethods), std::move(miscMethods),
std::move(params), std::move(params),
useSandbox); useSandbox);
#elif defined(__linux__)
return std::make_unique<LinuxDerivationBuilder>(
store,
std::move(miscMethods),
std::move(params));
#else #else
if (useSandbox) if (useSandbox)
throw Error("sandboxing builds is not supported on this platform"); throw Error("sandboxing builds is not supported on this platform");
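Review bot: The new `#elif defined(__linux__)` branch returns the plain `LinuxDerivationBuilder` without stating that `useSandbox` is false at this point. It appears to rely on the earlier `if (useSandbox) return std::make_unique<ChrootLinuxDerivationBuilder>(...)` in the first hunk, whose enclosing preprocessor guard lies outside the visible lines. If that early return is ever moved or its guard changed, a build that requested sandboxing would get the seccomp/personality setup but no chroot, and no error would be raised. I would make the invariant explicit with a comment such as `// useSandbox is always false here: the sandboxed case returned ChrootLinuxDerivationBuilder above`, or with `assert(!useSandbox);` before the return if assertions are used in this file. makeDerivationBuilder starts and ends outside these hunks.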


@ -154,6 +154,18 @@ static void doBind(const Path & source, const Path & target, bool optional = fal
} }
struct LinuxDerivationBuilder : DerivationBuilderImpl struct LinuxDerivationBuilder : DerivationBuilderImpl
{
using DerivationBuilderImpl::DerivationBuilderImpl;
void enterChroot() override
{
setupSeccomp();
linux::setPersonality(drv.platform);
}
};
struct ChrootLinuxDerivationBuilder : LinuxDerivationBuilder
{ {
/** /**
* Pipe for synchronising updates to the builder namespaces. * Pipe for synchronising updates to the builder namespaces.
@ -190,7 +202,7 @@ struct LinuxDerivationBuilder : DerivationBuilderImpl
*/ */
std::optional<Path> cgroup; std::optional<Path> cgroup;
using DerivationBuilderImpl::DerivationBuilderImpl; using LinuxDerivationBuilder::LinuxDerivationBuilder;
void deleteTmpDir(bool force) override void deleteTmpDir(bool force) override
{ {
@ -772,11 +784,7 @@ struct LinuxDerivationBuilder : DerivationBuilderImpl
if (rmdir("real-root") == -1) if (rmdir("real-root") == -1)
throw SysError("cannot remove real-root directory"); throw SysError("cannot remove real-root directory");
// FIXME: move to LinuxDerivationBuilder LinuxDerivationBuilder::enterChroot();
setupSeccomp();
// FIXME: move to LinuxDerivationBuilder
linux::setPersonality(drv.platform);
} }
void setUser() override void setUser() override
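Review bot: `LinuxDerivationBuilder::enterChroot()` has no doc comment, and its name no longer describes what it does: in the unsandboxed builder no chroot is entered, and the override only calls `setupSeccomp()` and `linux::setPersonality(drv.platform)`. Because this setup is reached only through the override chain, a subclass that overrides `enterChroot()` without calling the base would skip the seccomp filter silently, which looks like the kind of gap this commit closes. I would add a comment above the method, e.g. `/** Runs for every Linux build, sandboxed or not; overrides must end with LinuxDerivationBuilder::enterChroot() so seccomp and personality are always applied. */`. The call in `ChrootLinuxDerivationBuilder::enterChroot()` should stay the last step, as it is now. The body of that method begins outside the last hunk.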