canonicalisePathMetaData(): Remove extended attributes / ACLs

EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an
ACL allows a builder to create writable files in the Nix store. So get
rid of them.

Closes #185.
This commit is contained in:
Eelco Dolstra 2017-05-30 13:43:51 +02:00
parent ff6becafa8
commit d798349ede
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE

View file

@ -27,6 +27,7 @@
#include <sys/statvfs.h>
#include <sys/mount.h>
#include <sys/ioctl.h>
#include <sys/xattr.h>
#endif
#include <sqlite3.h>
@ -407,6 +408,27 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe
if (!(S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode)))
throw Error(format("file %1% has an unsupported type") % path);
#if __linux__
/* Remove extended attributes / ACLs. */
ssize_t eaSize = llistxattr(path.c_str(), nullptr, 0);
if (eaSize < 0) {
if (errno != ENOTSUP)
throw SysError("querying extended attributes of %s", path);
} else if (eaSize > 0) {
std::vector<char> eaBuf(eaSize);
if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0)
throw SysError("querying extended attributes of %s", path);
for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1)))
if (lremovexattr(path.c_str(), eaName.c_str()) == -1)
throw SysError("removing extended attribute %s from %s", eaName, path);
assert(llistxattr(path.c_str(), nullptr, 0) == 0);
}
#endif
/* Fail if the file is not owned by the build user. This prevents
us from messing up the ownership/permissions of files
hard-linked into the output (e.g. "ln /etc/shadow $out/foo").