picnoir/nix-gh
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

canonicalisePathMetaData(): Ignore security.selinux attribute

Browse source 
Untested, hopefully fixes #1406.
This commit is contained in:
Eelco Dolstra 2017-06-14 11:41:03 +02:00
parent 177f3996e2
commit 88b291ffc4
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/local-store.cc
View file

@ -421,10 +421,14 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe
if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0)
throw SysError("querying extended attributes of %s", path);
for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1)))
for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) {
/* Ignore SELinux security labels since these cannot be
removed even by root. */
if (eaName == "security.selinux") continue;
if (lremovexattr(path.c_str(), eaName.c_str()) == -1)
throw SysError("removing extended attribute %s from %s", eaName, path);
}
}
}
#endif
/* Fail if the file is not owned by the build user. This prevents