Don't silently succeed seccomp setup when !HAVE_SECCOMP.
Running Nix with build users without seccomp on Linux is dangerous, and administrators should very explicitly opt-in to it.
This commit is contained in:
parent
ed73d40c3b
commit
e59a8a63e1
1 changed files with 7 additions and 2 deletions
|
@ -2471,9 +2471,9 @@ void DerivationGoal::chownToBuilder(const Path & path)
|
||||||
|
|
||||||
void setupSeccomp()
|
void setupSeccomp()
|
||||||
{
|
{
|
||||||
#if __linux__ && HAVE_SECCOMP
|
#if __linux__
|
||||||
if (!settings.filterSyscalls) return;
|
if (!settings.filterSyscalls) return;
|
||||||
|
#if HAVE_SECCOMP
|
||||||
scmp_filter_ctx ctx;
|
scmp_filter_ctx ctx;
|
||||||
|
|
||||||
if (!(ctx = seccomp_init(SCMP_ACT_ALLOW)))
|
if (!(ctx = seccomp_init(SCMP_ACT_ALLOW)))
|
||||||
|
@ -2519,6 +2519,11 @@ void setupSeccomp()
|
||||||
|
|
||||||
if (seccomp_load(ctx) != 0)
|
if (seccomp_load(ctx) != 0)
|
||||||
throw SysError("unable to load seccomp BPF program");
|
throw SysError("unable to load seccomp BPF program");
|
||||||
|
#else
|
||||||
|
throw Error("%s\n%s",
|
||||||
|
"seccomp is not supported on this platform"
|
||||||
|
"you can avoid this by setting the filter-syscalls option to false, but note that untrusted builds can then create setuid binaries!");
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue