wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-02 21:51:50 +02:00
Code Activity

Fix --no-sandbox

Browse source 
When sandboxing is disabled, we cannot put $TMPDIR underneath an
inaccessible directory.
This commit is contained in:
Eelco Dolstra 2024-05-14 14:12:08 +02:00
parent 58b7b3fd15
commit d54590fdf3
2 changed files with 12 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/libstore/unix/build/local-derivation-goal.cc
View file

@ -503,9 +503,14 @@ void LocalDerivationGoal::startBuilder()
/* Create a temporary directory where the build will take
place. */
auto parentTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
tmpDir = parentTmpDir + "/build";
createDir(tmpDir, 0700);
tmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
if (useChroot) {
/* If sandboxing is enabled, put the actual TMPDIR underneath
an inaccessible root-owned directory, to prevent outside
access. */
tmpDir = tmpDir + "/build";
createDir(tmpDir, 0700);
}
chownToBuilder(tmpDir);
for (auto & [outputName, status] : initialOutputs) {