[Nix-dev] [PATCH] Preserve supplementary groups of build users

Ludovic Courtès ludo at gnu.org
Wed Jul 1 11:12:51 CEST 2015


ludo at gnu.org (Ludovic Courtès) skribis:

> Currently, the build environment made by the daemon does not preserve
> supplementary groups of the build users.
>
> Thus, even though the standalone Guix system sets /dev/kvm 660, owned by
> root:kvm, and adds the build users to the kvm group, build users are
> unable to access it.

The following patch is an attempt to address this bug (see
<http://bugs.gnu.org/18994>) by preserving the supplementary groups of
build users in the build environment.

In practice, I would expect that supplementary groups would contain only
one or two groups: the build users group, and possibly the “kvm” group.

WDYT?

Thanks,
Ludo’.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-patch
Size: 2004 bytes
Desc: not available
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150701/43f0fc67/attachment-0001.bin 


More information about the nix-dev mailing list