wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-25 10:41:16 +02:00
Code Activity

AllowListInputAccessor: Clarify that the "allowed paths" are actually allowed prefixes

Browse source 
E.g. adding "/" will allow access to the root and *everything below it*.
This commit is contained in:
Eelco Dolstra 2024-02-20 11:21:28 +01:00
parent 06be819b89
commit d52d91fe7a
3 changed files with 15 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libexpr/eval.cc
View file

@ -467,13 +467,13 @@ EvalState::~EvalState()
void EvalState::allowPath(const Path & path)
{
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
rootFS2->allowPath(CanonPath(path));
rootFS2->allowPrefix(CanonPath(path));
}
void EvalState::allowPath(const StorePath & storePath)
{
if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
rootFS2->allowPath(CanonPath(store->toRealPath(storePath)));
rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
}
void EvalState::allowAndSetStorePathString(const StorePath & storePath, Value & v)