pyrox.dev / nixpkgs
lol
fork atom

qemu_test: Make chown() calls to the store a no-op

The "misc" NixOS test is using Nix to query the store and it tries to
change the ownership of it while doing so.

This fails if Nix is not in a seccomp-sandboxed userid namespace, so
let's make chown() a no-op when applied to store paths.

Fixes the misc test (and possibly future tests) on older Nix versions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

aszlig 38ea64e8 f0e77cd0

options
unified split
Changed files
+41 -12
pkgs
applications
virtualization
qemu
force-uid0-on-9p.patch
+41 -12
pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch 
···

       
1

       
 

       
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c


     

       
2

       
-

       
index 845675e..43fa036 100644


     

       
3

       
 

       
--- a/hw/9pfs/9p-local.c


     

       
4

       
 

       
+++ b/hw/9pfs/9p-local.c


     

       
5

       
-

       
@@ -128,6 +128,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
6

       
 

       
     if (err) {


     

       
7

       
 

       
         goto err_out;


     

       
8

       
 

       
     }


     
···

       
11

       
 

       
     if (fs_ctx->export_flags & V9FS_SM_MAPPED) {


     

       
12

       
 

       
         /* Actual credentials are part of extended attrs */


     

       
13

       
 

       
         uid_t tmp_uid;


     

       
14

       
-

       
@@ -462,6 +464,16 @@ static ssize_t local_pwritev(FsContext *ctx, V9fsFidOpenState *fs,


     

       
15

       
 

       
     return ret;


     

       
16

       
 

       
 }


     

       
17

       
 

       
 


     

       
18

       
-

       
+static int maybe_chmod(const char *path, mode_t mode)


     

       
19

       
 

       
+{


     

       
20

       
-

       
+    static char *store_path = NULL;


     

       
21

       
-

       
+    if (store_path == NULL)


     

       
22

       
-

       
+        store_path = getenv("NIX_STORE");


     

       
23

       
-

       
+    if (strncmp(path, store_path, strlen(store_path)) != 0)


     

       
24

       
-

       
+        return chmod(path, mode);


     

       
25

       
-

       
+    return 0;


     

       
26

       
 

       
+}


     

       
27

       
 

       
+


     

       
28

       
 

       
 static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)


     

       
29

       
 

       
 {


     

       
30

       
 

       
     char *buffer;


     

       
31

       
-

       
@@ -477,7 +489,7 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)


     

       
32

       
 

       
     } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||


     

       
33

       
 

       
                (fs_ctx->export_flags & V9FS_SM_NONE)) {


     

       
34

       
 

       
         buffer = rpath(fs_ctx, path);


     
···

       
37

       
 

       
         g_free(buffer);


     

       
38

       
 

       
     }


     

       
39

       
 

       
     return ret;


     

       
40

       
-

       
@@ -621,6 +633,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,


     

       
41

       
 

       
     if (err) {


     

       
42

       
 

       
         return err;


     

       
43

       
 

       
     }


     
···

       
46

       
 

       
     if (fs_ctx->export_flags & V9FS_SM_MAPPED) {


     

       
47

       
 

       
         /* Actual credentials are part of extended attrs */


     

       
48

       
 

       
         uid_t tmp_uid;


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     
···

       
1

       
 

       
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c


     

       
2

       
+

       
index 3f271fc..dc273f4 100644


     

       
3

       
 

       
--- a/hw/9pfs/9p-local.c


     

       
4

       
 

       
+++ b/hw/9pfs/9p-local.c


     

       
5

       
+

       
@@ -45,6 +45,23 @@


     

       
6

       
+

       
 


     

       
7

       
+

       
 #define VIRTFS_META_DIR ".virtfs_metadata"


     

       
8

       
+

       
 


     

       
9

       
+

       
+static int is_in_store_path(const char *path)


     

       
10

       
+

       
+{


     

       
11

       
+

       
+    static char *store_path = NULL;


     

       
12

       
+

       
+    int store_path_len = -1;


     

       
13

       
+

       
+


     

       
14

       
+

       
+    if (store_path_len == -1) {


     

       
15

       
+

       
+        if ((store_path = getenv("NIX_STORE")) != NULL)


     

       
16

       
+

       
+            store_path_len = strlen(store_path);


     

       
17

       
+

       
+        else


     

       
18

       
+

       
+            store_path_len = 0;


     

       
19

       
+

       
+    }


     

       
20

       
+

       
+


     

       
21

       
+

       
+    if (store_path_len > 0)


     

       
22

       
+

       
+        return strncmp(path, store_path, strlen(store_path)) == 0;


     

       
23

       
+

       
+    return 0;


     

       
24

       
+

       
+}


     

       
25

       
+

       
+


     

       
26

       
+

       
 static char *local_mapped_attr_path(FsContext *ctx, const char *path)


     

       
27

       
+

       
 {


     

       
28

       
+

       
     int dirlen;


     

       
29

       
+

       
@@ -128,6 +145,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)


     

       
30

       
 

       
     if (err) {


     

       
31

       
 

       
         goto err_out;


     

       
32

       
 

       
     }


     
···

       
35

       
 

       
     if (fs_ctx->export_flags & V9FS_SM_MAPPED) {


     

       
36

       
 

       
         /* Actual credentials are part of extended attrs */


     

       
37

       
 

       
         uid_t tmp_uid;


     

       
38

       
+

       
@@ -462,6 +481,11 @@ static ssize_t local_pwritev(FsContext *ctx, V9fsFidOpenState *fs,


     

       
39

       
 

       
     return ret;


     

       
40

       
 

       
 }


     

       
41

       
 

       
 


     

       
42

       
+

       
+static inline int maybe_chmod(const char *path, mode_t mode)


     

       
43

       
 

       
+{


     

       
44

       
+

       
+    return is_in_store_path(path) ? 0 : chmod(path, mode);


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
45

       
 

       
+}


     

       
46

       
 

       
+


     

       
47

       
 

       
 static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)


     

       
48

       
 

       
 {


     

       
49

       
 

       
     char *buffer;


     

       
50

       
+

       
@@ -477,7 +501,7 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)


     

       
51

       
 

       
     } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||


     

       
52

       
 

       
                (fs_ctx->export_flags & V9FS_SM_NONE)) {


     

       
53

       
 

       
         buffer = rpath(fs_ctx, path);


     
···

       
56

       
 

       
         g_free(buffer);


     

       
57

       
 

       
     }


     

       
58

       
 

       
     return ret;


     

       
59

       
+

       
@@ -621,6 +645,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,


     

       
60

       
 

       
     if (err) {


     

       
61

       
 

       
         return err;


     

       
62

       
 

       
     }


     
···

       
65

       
 

       
     if (fs_ctx->export_flags & V9FS_SM_MAPPED) {


     

       
66

       
 

       
         /* Actual credentials are part of extended attrs */


     

       
67

       
 

       
         uid_t tmp_uid;


     

       
68

       
+

       
@@ -916,7 +942,8 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)


     

       
69

       
+

       
         (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||


     

       
70

       
+

       
         (fs_ctx->export_flags & V9FS_SM_NONE)) {


     

       
71

       
+

       
         buffer = rpath(fs_ctx, path);


     

       
72

       
+

       
-        ret = lchown(buffer, credp->fc_uid, credp->fc_gid);


     

       
73

       
+

       
+        ret = is_in_store_path(buffer)


     

       
74

       
+

       
+            ? 0 : lchown(buffer, credp->fc_uid, credp->fc_gid);


     

       
75

       
+

       
         g_free(buffer);


     

       
76

       
+

       
     } else if (fs_ctx->export_flags & V9FS_SM_MAPPED) {


     

       
77

       
+

       
         buffer = rpath(fs_ctx, path);