Clear supplementary groups of `nixbld' in /etc/passwd in chroots.

* src/libstore/build.cc (nix::DerivationGoal::startBuilder): Don't
  display any supplementary groups for `nixbld' in /etc/passwd.
Ludovic Courtès 2010-03-11 10:21:23 +00:00
parent 05fbf61f0e
commit 2e8eaca573

@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder()
createDirs(chrootTmpDir);
chmod(chrootTmpDir, 01777);
/* Create a /etc/passwd with entries for the build user and
the nobody account. The latter is kind of a hack to
support Samba-in-QEMU. */
/* Create a /etc/passwd with entries for the build user and the
nobody account. The latter is kind of a hack to support
Samba-in-QEMU. For the sake of consistency with the setgroups(2)
call below, the build user has no supplementary groups. */
createDirs(chrootRootDir + "/etc");
writeFile(chrootRootDir + "/etc/passwd",
(format(
"nixbld:x:%1%:65534:Nix build user:/:/noshell\n"
"nixbld:x:%1%:%1%:Nix build user:/:/noshell\n"
"nobody:x:65534:65534:Nobody:/:/noshell\n")
% (buildUser.enabled() ? buildUser.getUID() : getuid())).str());
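
Review bot: In the new `nixbld` line of the format string, `%1%` fills both the UID and the GID field, so the GID written to the chroot's /etc/passwd is the numeric UID (or the caller's `getuid()` when `buildUser` is not enabled), not a group ID obtained from anywhere in the lines shown. The fourth passwd field is the primary group; supplementary groups are listed in /etc/group, so the updated comment ("the build user has no supplementary groups") describes something this file cannot express on its own. Consider passing the build user's actual GID as a second format argument (`%2%`), or state in the comment why reusing the UID value as the GID is intended. The comment would also be more accurate if it said that the primary group in the passwd entry changes from 65534 to match what the builder runs with.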