mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-11 15:08:33 +01:00
Code Issues Wiki Activity
nixpkgs/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch

49 lines
1.6 KiB
Diff
Raw Normal View History

nixos/tests: Use a patched QEMU for testing The reason to patch QEMU is that with latest Nix, tests like "printing" or "misc" fail because they expect the store paths to be owned by uid 0 and gid 0. Starting with NixOS/nix@5e51ffb1c265e16486fcdd888ce4a04db9e5552b, Nix builds inside of a new user namespace. Unfortunately this also means that bind-mounted store paths that are part of the derivation's inputs are no longer owned by uid 0 and gid 0 but by uid 65534 and gid 65534. This in turn causes things like sudo or cups to fail with errors about insecure file permissions. So in order to avoid that, let's make sure the VM always gets files owned by uid 0 and gid 0 and does a no-op when doing a chmod on a store path. In addition, this adds a virtualisation.qemu.program option so that we can make sure that we only use the patched version if we're *really* running NixOS VM tests (that is, whenever we have imported test-instrumentation.nix). Tested against the "misc" and "printing" tests. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-17 16:06:17 +00:00
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 845675e..43fa036 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -128,6 +128,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
if (err) {
goto err_out;
}
+ stbuf->st_uid = 0;
+ stbuf->st_gid = 0;
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
@@ -462,6 +464,16 @@ static ssize_t local_pwritev(FsContext *ctx, V9fsFidOpenState *fs,
return ret;
}
+static int maybe_chmod(const char *path, mode_t mode)
+{
+ static char *store_path = NULL;
+ if (store_path == NULL)
+ store_path = getenv("NIX_STORE");
+ if (strncmp(path, store_path, strlen(store_path)) != 0)
+ return chmod(path, mode);
+ return 0;
+}
+
static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
{
char *buffer;
@@ -477,7 +489,7 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
buffer = rpath(fs_ctx, path);
- ret = chmod(buffer, credp->fc_mode);
+ ret = maybe_chmod(buffer, credp->fc_mode);
g_free(buffer);
}
return ret;
@@ -621,6 +633,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
if (err) {
return err;
}
+ stbuf->st_uid = 0;
+ stbuf->st_gid = 0;
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
Copy permalink