Ludovic Courtès ec7fb66994 daemon: Prevent privilege escalation with '--keep-failed' [security]. ... Fixes <https://bugs.gnu.org/47229>. Reported by Nathan Nye of WhiteBeam Security. * nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot' is true, add "/top" to 'tmpDir'. (DerivationGoal::deleteTmpDir): Adjust accordingly. When 'settings.keepFailed' is true, chown in two steps: first the "/top" sub-directory, and then rename "/top" to its parent.		2021-03-18 12:18:56 +01:00
..
.gitignore	nix: Tweak .gitignore files.	2020-06-24 19:55:22 +01:00
build.cc	daemon: Prevent privilege escalation with '--keep-failed' [security].	2021-03-18 12:18:56 +01:00
builtins.cc	daemon: Run 'guix perform-download' directly.	2019-09-08 11:49:24 +02:00
builtins.hh	daemon: Allow check builds of 'builtin:download' derivations.	2017-01-11 17:06:31 +01:00
derivations.cc	Merge branch 'nix'.	2015-07-03 00:30:55 +02:00
derivations.hh
gc.cc	daemon: Handle EXDEV when moving to trash directory.	2020-06-06 15:43:35 -07:00
globals.cc	daemon: Remove 'NIX_LIBEXEC_DIR'.	2019-09-08 11:49:24 +02:00
globals.hh	daemon: Remove 'NIX_LIBEXEC_DIR'.	2019-09-08 11:49:24 +02:00
local-store.cc	daemon: Factorize substituter agent spawning.	2020-12-08 22:30:08 +01:00
local-store.hh	daemon: Factorize substituter agent spawning.	2020-12-08 22:30:08 +01:00
misc.cc
misc.hh
optimise-store.cc	daemon: Correctly handle EMLINK corner case when deduplicating.	2020-06-25 12:29:22 +02:00
pathlocks.cc	daemon: ~PathLocks(): Handle exceptions.	2016-05-31 14:25:28 +02:00
pathlocks.hh
references.cc
references.hh	Merge branch 'nix' into 'master'.	2014-12-19 22:47:37 +01:00
sqlite.cc	daemon: Improve the SQLite wrapper API.	2016-10-28 22:30:17 +02:00
sqlite.hh
store-api.cc	daemon: Replace "illegal" by "invalid" in error messages.	2019-06-13 00:44:01 +02:00
store-api.hh	daemon: Make 'profiles/per-user' non-world-writable.	2019-10-16 22:53:40 +02:00
worker-protocol.hh