From 6a5b6ad3b75a1032ee495cec456e8d28b7e0595e Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Wed, 26 Mar 2025 01:04:59 +0100
Subject: [PATCH] libstore: open build directory as a dirfd as well

We now keep around a proper AutoCloseFD around the temporary directory which we plan to use for openat operations and avoiding the build directory being swapped out while we are doing something else.

Change-Id: I18d387b0f123ebf2d20c6405cd47ebadc5505f2a
Signed-off-by: Raito Bezarius
---
 src/libstore/unix/build/derivation-builder.cc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/libstore/unix/build/derivation-builder.cc b/src/libstore/unix/build/derivation-builder.cc
index 85b586373..e2dfc5860 100644
--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@@ -95,6 +95,11 @@ protected:
 */
 Path topTmpDir;
 
+ /**
+ * The file descriptor of the temporary directory.
+ */
+ AutoCloseFD tmpDirFd;
+
 /**
 * The sort of derivation we are building.
 *
@@ -710,6 +715,13 @@ void DerivationBuilderImpl::startBuilder()
 topTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), 0700);
 setBuildTmpDir();
 assert(!tmpDir.empty());
+
+ /* The TOCTOU between the previous mkdir call and this open call is unavoidable due to
+ POSIX semantics.*/
+ tmpDirFd = AutoCloseFD{open(tmpDir.c_str(), O_RDONLY | O_NOFOLLOW | O_DIRECTORY)};
+ if (!tmpDirFd)
+ throw SysError("failed to open the build temporary directory descriptor '%1%'", tmpDir);
+
 chownToBuilder(tmpDir);
 
 for (auto & [outputName, status] : initialOutputs) {
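Review bot: The doc comment on `tmpDirFd` does not say which directory the descriptor refers to: the member is declared directly under `topTmpDir`, but the second hunk opens `tmpDir`. I would spell that out, for example `/** Descriptor for tmpDir, opened in startBuilder() with O_NOFOLLOW | O_DIRECTORY; meant as the base for openat-style calls so the path is not resolved again. */`. The enclosing class starts and ends outside the hunk, so how the member is initialised and released is not visible here.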
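Review bot: The `open()` added to startBuilder() omits `O_CLOEXEC`, so unless the child closes inherited descriptors in code outside this hunk, the build-directory descriptor could survive into the builder process; `open(tmpDir.c_str(), O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC)` would not depend on that. The comment calls the mkdir/open race unavoidable, but its outcome can still be checked on the descriptor: an `fstat(tmpDirFd.get(), &st)` that compares `st.st_uid` with `geteuid()` would reject a directory substituted by another user in between. The `chownToBuilder(tmpDir)` that follows still resolves the path rather than using the new descriptor, which the commit message suggests is left for a follow-up. The function body starts and ends outside the hunk.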