From b796c4336d30504183662b6d3189fbfdb529b872 Mon Sep 17 00:00:00 2001
From: Sander van der Burg
Date: Sun, 4 Apr 2021 14:51:03 +0200
Subject: [PATCH] Propagate the user and group names of the calling user
---
 nixproc/backends/bsdrc/build-bsdrc-env.nix | 2 ++
 .../backends/cygrunsrv/build-cygrunsrv-env.nix | 2 ++
 nixproc/backends/disnix/build-disnix-env.nix | 2 ++
 nixproc/backends/docker/build-docker-env.nix | 2 ++
 nixproc/backends/launchd/build-launchd-env.nix | 2 ++
 nixproc/backends/s6-rc/build-s6-rc-env.nix | 2 ++
 .../supervisord/build-supervisord-env.nix | 2 ++
 nixproc/backends/systemd/build-systemd-env.nix | 2 ++
 .../backends/sysvinit/build-sysvinit-env.nix | 2 ++
 nixproc/test-driver/agnostic.nix | 9 +++++++--
 nixproc/test-driver/profiles/unprivileged.nix | 2 ++
 tools/common/nixproc-build.in | 18 +++++++++++++++++-
 12 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/nixproc/backends/bsdrc/build-bsdrc-env.nix b/nixproc/backends/bsdrc/build-bsdrc-env.nix
index 131d614..89339d4 100644
--- a/nixproc/backends/bsdrc/build-bsdrc-env.nix
+++ b/nixproc/backends/bsdrc/build-bsdrc-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , exprFile ? null
 , extraParams ? {}
 }@args:
diff --git a/nixproc/backends/cygrunsrv/build-cygrunsrv-env.nix b/nixproc/backends/cygrunsrv/build-cygrunsrv-env.nix
index 68d1283..673f887 100644
--- a/nixproc/backends/cygrunsrv/build-cygrunsrv-env.nix
+++ b/nixproc/backends/cygrunsrv/build-cygrunsrv-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
diff --git a/nixproc/backends/disnix/build-disnix-env.nix b/nixproc/backends/disnix/build-disnix-env.nix
index 1e30f8e..028c188 100644
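Review bot: The two new parameters `callingUser` and `callingGroup` enter the function header with no comment on what they hold or when the `null` default applies, and nothing in the hunk consumes them; the function body is outside the hunk, so whether a null value is handled there cannot be seen from this patch. Since `nixproc-build.in` in the same patch always passes both as strings, the `null` default only takes effect when the file is evaluated directly, which is worth stating next to the parameters, e.g. `# Name of the user/group that invoked the build; supplied by nixproc-build via --argstr, null when evaluated directly`. The same applies verbatim to the identical headers in the cygrunsrv, disnix, docker, launchd, s6-rc, supervisord, systemd and sysvinit backends.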
--- a/nixproc/backends/disnix/build-disnix-env.nix
+++ b/nixproc/backends/disnix/build-disnix-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , clientInterface ? (if builtins.getEnv "DISNIX_CLIENT_INTERFACE" == "" then "disnix-run-activity" else builtins.getEnv "DISNIX_CLIENT_INTERFACE")
 , disnixDataDir ? (if builtins.getEnv "DISNIX_DATA_DIR" == "" then throw "Set DISNIX_DATA_DIR to the data directory of Disnix" else builtins.getEnv "DISNIX_DATA_DIR")
 , extraParams ? {}
diff --git a/nixproc/backends/docker/build-docker-env.nix b/nixproc/backends/docker/build-docker-env.nix
index 575be5d..eb6b0f0 100644
--- a/nixproc/backends/docker/build-docker-env.nix
+++ b/nixproc/backends/docker/build-docker-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
diff --git a/nixproc/backends/launchd/build-launchd-env.nix b/nixproc/backends/launchd/build-launchd-env.nix
index 0133377..b5f3ecd 100644
--- a/nixproc/backends/launchd/build-launchd-env.nix
+++ b/nixproc/backends/launchd/build-launchd-env.nix
@@ -9,6 +9,8 @@
 , lockDir ? "${stateDir}/lock"
 , libDir ? "${stateDir}/lib"
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
diff --git a/nixproc/backends/s6-rc/build-s6-rc-env.nix b/nixproc/backends/s6-rc/build-s6-rc-env.nix
index f84358a..664ac05 100644
--- a/nixproc/backends/s6-rc/build-s6-rc-env.nix
+++ b/nixproc/backends/s6-rc/build-s6-rc-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 , defaultBundleName ? "default"
diff --git a/nixproc/backends/supervisord/build-supervisord-env.nix b/nixproc/backends/supervisord/build-supervisord-env.nix
index 156ba05..b7c0467 100644
--- a/nixproc/backends/supervisord/build-supervisord-env.nix
+++ b/nixproc/backends/supervisord/build-supervisord-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
diff --git a/nixproc/backends/systemd/build-systemd-env.nix b/nixproc/backends/systemd/build-systemd-env.nix
index 47a16be..4f71a9a 100644
--- a/nixproc/backends/systemd/build-systemd-env.nix
+++ b/nixproc/backends/systemd/build-systemd-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
diff --git a/nixproc/backends/sysvinit/build-sysvinit-env.nix b/nixproc/backends/sysvinit/build-sysvinit-env.nix
index e047280..0149408 100644
--- a/nixproc/backends/sysvinit/build-sysvinit-env.nix
+++ b/nixproc/backends/sysvinit/build-sysvinit-env.nix
@@ -9,6 +9,8 @@
 , libDir ? "${stateDir}/lib"
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
+, callingUser ? null
+, callingGroup ? null
 , extraParams ? {}
 , exprFile ? null
 }@args:
diff --git a/nixproc/test-driver/agnostic.nix b/nixproc/test-driver/agnostic.nix
index 72aa329..6ad0f3b 100644
--- a/nixproc/test-driver/agnostic.nix
+++ b/nixproc/test-driver/agnostic.nix
@@ -19,9 +19,14 @@ let
 inherit profileSettings exprFile extraParams pkgs system tools;
 };
- processes = import exprFile ({
+ processesFun = import exprFile;
+ processesFormalArgs = builtins.functionArgs processesFun;
+
+ processesArgs = builtins.intersectAttrs processesFormalArgs ({
 inherit pkgs system processManager;
- } // extraParams // profileSettings.params);
+ } // profileSettings.params // extraParams);
+
+ processes = processesFun processesArgs;
 in
 with import "${nixpkgs}/nixos/lib/testing-python.nix" { inherit system; };
diff --git a/nixproc/test-driver/profiles/unprivileged.nix b/nixproc/test-driver/profiles/unprivileged.nix
index af4fd9b..c4ec915 100644
--- a/nixproc/test-driver/profiles/unprivileged.nix
+++ b/nixproc/test-driver/profiles/unprivileged.nix
@@ -3,6 +3,8 @@
 stateDir = "/home/unprivileged/var";
 runtimeDir = "${stateDir}/run";
 forceDisableUserChange = true;
+ callingUser = "unprivileged";
+ callingGroup = "users";
 };
 deployArgs = [ "--state-dir" "/home/unprivileged/var" "--force-disable-user-change" ];
diff --git a/tools/common/nixproc-build.in b/tools/common/nixproc-build.in
index 324b122..d48e3b3 100644
--- a/tools/common/nixproc-build.in
+++ b/tools/common/nixproc-build.in
@@ -197,4 +197,20 @@ fi
 NIXPROC=${NIXPROC:-@NIXPROC@}
 # Build the profile
-nix-build $stateDirArg $runtimeDirArg $logDirArg $tmpDirArg $cacheDirArg $spoolDirArg $lockDirArg $libDirArg $forceDisableUserChangeArg $noOutLinkArg $showTraceArg $processManagerArg "${extraParamsArg[@]}" $exprFileArg $NIXPROC/backends/$processManager/build-$processManager-env.nix
+nix-build $stateDirArg \
+ $runtimeDirArg \
+ $logDirArg \
+ $tmpDirArg \
+ $cacheDirArg \
+ $spoolDirArg \
+ $lockDirArg \
+ $libDirArg \
+ $forceDisableUserChangeArg \
+ --argstr callingUser "$(id -un)" \
+ --argstr callingGroup "$(id -gn)" \
+ $noOutLinkArg \
+ $showTraceArg \
+ $processManagerArg \
+ "${extraParamsArg[@]}" \
+ $exprFileArg \
+ $NIXPROC/backends/$processManager/build-$processManager-env.nix
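Review bot: `builtins.intersectAttrs processesFormalArgs` silently discards every key the process expression does not declare, so a misspelled entry in `extraParams` or in `profileSettings.params` no longer fails evaluation but is quietly ignored, and for an expression written as `{ pkgs, ... }@args` `builtins.functionArgs` lists only the named formals, so the extra keys never reach `args` even though the function would have accepted them. If the intent is only to tolerate expressions that do not take the new `callingUser`/`callingGroup` parameters, restricting the filtering to those two keys keeps the old fail-loudly behaviour for everything else. The merge order also changed from `extraParams // profileSettings.params` to `profileSettings.params // extraParams`, so command-line extra parameters now override profile settings; that precedence change is not mentioned in the commit message and deserves a comment such as `# extraParams take precedence over the profile's defaults`.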
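Review bot: `$(id -un)` and `$(id -gn)` report the effective user and primary group of the process running nixproc-build, which under `sudo` is root rather than the account that typed the command; if `callingUser` is meant to name the invoking account (the unprivileged test profile hard-codes it to `unprivileged`), the script should say which identity is intended, e.g. `# callingUser/callingGroup are the effective identity at build time (root under sudo), not the login user`, or fall back to `SUDO_USER` when it is set. Both `--argstr` options are passed unconditionally, so every backend under `$NIXPROC/backends` must now accept the two parameters; the nine headers in this patch do, but any backend file not updated here would fail with an unexpected-argument error at evaluation. The rest of the script, including where the other `*Arg` variables are set, is outside the hunk.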