picnoir
/
nix-gh
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable the build user mechanism on all platforms except Linux and OS X 

(cherry picked from commit c8cc50d46e)
This commit is contained in:
Eelco Dolstra 2017-06-06 18:52:15 +02:00
parent bcc21744df
commit 0ca9502264
No known key found for this signature in database
GPG Key ID: 8170B4726D7198DE
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libstore/build.cc
View File

@ -1895,7 +1895,13 @@ void DerivationGoal::startBuilder()
/* If `build-users-group' is not empty, then we have to build as
one of the members of that group. */
if (settings.buildUsersGroup != "") {
#if defined(__linux__) || defined(__APPLE__)
buildUser.acquire();
#else
/* Don't know how to block the creation of setuid/setgid
binaries on this platform. */
throw Error("build users are not supported on this platform for security reasons");
#endif
assert(buildUser.getUID() != 0);
assert(buildUser.getGID() != 0);