wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-25 02:21:16 +02:00
Code Activity

Merge pull request #13297 from NixOS/split-linux-builder

Browse source 
Split LinuxDerivationBuilder
This commit is contained in:
Eelco Dolstra 2025-05-30 12:35:01 +02:00 committed by GitHub
commit 587b5f5361
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 26 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

21
src/libstore/unix/build/derivation-builder.cc
View file

@ -2147,23 +2147,21 @@ std::unique_ptr<DerivationBuilder> makeDerivationBuilder(
} }
#ifdef __linux__ #ifdef __linux__
if (useSandbox) { if (useSandbox && !mountAndPidNamespacesSupported()) {
if (!mountAndPidNamespacesSupported()) { if (!settings.sandboxFallback)
if (!settings.sandboxFallback) throw Error("this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing");
throw Error("this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing"); debug("auto-disabling sandboxing because the prerequisite namespaces are not available");
debug("auto-disabling sandboxing because the prerequisite namespaces are not available"); useSandbox = false;
useSandbox = false;
}
} }
if (useSandbox) if (useSandbox)
return std::make_unique<LinuxDerivationBuilder>( return std::make_unique<ChrootLinuxDerivationBuilder>(
store, store,
std::move(miscMethods), std::move(miscMethods),
std::move(params)); std::move(params));
#endif #endif
if (params.drvOptions.useUidRange(params.drv)) if (!useSandbox && params.drvOptions.useUidRange(params.drv))
throw Error("feature 'uid-range' is only supported in sandboxed builds"); throw Error("feature 'uid-range' is only supported in sandboxed builds");
#ifdef __APPLE__ #ifdef __APPLE__
@ -2172,6 +2170,11 @@ std::unique_ptr<DerivationBuilder> makeDerivationBuilder(
std::move(miscMethods), std::move(miscMethods),
std::move(params), std::move(params),
useSandbox); useSandbox);
#elif defined(__linux__)
return std::make_unique<LinuxDerivationBuilder>(
store,
std::move(miscMethods),
std::move(params));
#else #else
if (useSandbox) if (useSandbox)
throw Error("sandboxing builds is not supported on this platform"); throw Error("sandboxing builds is not supported on this platform");

24
src/libstore/unix/build/linux-derivation-builder.cc
View file

@ -154,6 +154,18 @@ static void doBind(const Path & source, const Path & target, bool optional = fal
} }
struct LinuxDerivationBuilder : DerivationBuilderImpl struct LinuxDerivationBuilder : DerivationBuilderImpl
{
using DerivationBuilderImpl::DerivationBuilderImpl;
void enterChroot() override
{
setupSeccomp();
linux::setPersonality(drv.platform);
}
};
struct ChrootLinuxDerivationBuilder : LinuxDerivationBuilder
{ {
/** /**
* Pipe for synchronising updates to the builder namespaces. * Pipe for synchronising updates to the builder namespaces.
@ -190,11 +202,7 @@ struct LinuxDerivationBuilder : DerivationBuilderImpl
*/ */
std::optional<Path> cgroup; std::optional<Path> cgroup;
LinuxDerivationBuilder( using LinuxDerivationBuilder::LinuxDerivationBuilder;
Store & store, std::unique_ptr<DerivationBuilderCallbacks> miscMethods, DerivationBuilderParams params)
: DerivationBuilderImpl(store, std::move(miscMethods), std::move(params))
{
}
void deleteTmpDir(bool force) override void deleteTmpDir(bool force) override
{ {
@ -776,11 +784,7 @@ struct LinuxDerivationBuilder : DerivationBuilderImpl
if (rmdir("real-root") == -1) if (rmdir("real-root") == -1)
throw SysError("cannot remove real-root directory"); throw SysError("cannot remove real-root directory");
// FIXME: move to LinuxDerivationBuilder LinuxDerivationBuilder::enterChroot();
setupSeccomp();
// FIXME: move to LinuxDerivationBuilder
linux::setPersonality(drv.platform);
} }
void setUser() override void setUser() override