mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2025-01-18 13:36:36 +01:00
558224140d
The only thing keeping a rogue builder and a local user from collaborating to usurp control over the builder's user during the build is the fact that whatever files the builder may produce are not accessible to any other users yet. If we're going to make them accessible, we should probably do some sanity checking to ensure that sort of collaborating can't happen. Currently this isn't happening when failed build outputs are moved from the chroot as an aid to debugging. * nix/libstore/build.cc (secureFilePerms): new function. (DerivationGoal::buildDone): use it. Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96 Signed-off-by: Ludovic Courtès <ludo@gnu.org> |
||
|---|---|---|
| .. | ||
| boost | ||
| libstore | ||
| libutil | ||
| nix-daemon | ||
| .gitignore | ||
| AUTHORS | ||
| COPYING | ||
| local.mk | ||