amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-01 18:05:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

daemon: Consider the current user as trusted.

Browse source 
This allows use of ‘guix gc --verify=repair’ when running guix-daemon as
an unprivileged user.

* nix/nix-daemon/nix-daemon.cc (acceptConnection): Consider the current
user as trusted.

Reported-by: David Elsing <david.elsing@posteo.net>
Change-Id: I559e56cf0640e8dc9bbc510317aa2bdc024ff681
This commit is contained in:
Ludovic Courtès 2025-07-10 15:25:29 +02:00
parent 38e82ca727
commit 9cd3b961e4
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nix/nix-daemon/nix-daemon.cc
View file

@ -963,7 +963,10 @@ static void acceptConnection(int fdSocket)
clientPid = cred.pid;
clientUid = cred.uid;
clientGid = cred.gid;
trusted = clientUid == 0;
/* The root user is always trusted; additionally, when running as
an unprivileged user, that user is also trusted. */
trusted = (clientUid == 0) || (clientUid == getuid());
struct passwd * pw = getpwuid(cred.uid);
string user = pw ? pw->pw_name : std::to_string(cred.uid);