mirror of
https://git.sr.ht/~magic_rb/cluster
synced 2024-11-29 03:26:14 +01:00
Switch Hydra to use a patch instead of a fork
Signed-off-by: Magic_RB <magic_rb@redalder.org>
This commit is contained in:
parent
197c53a52b
commit
2d3231856a
49
containers/0001-Add-ignored_acls-setting.patch
Normal file
49
containers/0001-Add-ignored_acls-setting.patch
Normal file
|
@ -0,0 +1,49 @@
|
|||
From 8438114399ce025b6977215dbaedc05697a6d958 Mon Sep 17 00:00:00 2001
|
||||
From: Magic_RB <magic_rb@redalder.org>
|
||||
Date: Mon, 3 May 2021 09:54:31 +0200
|
||||
Subject: [PATCH] Add ignored_acls setting
|
||||
|
||||
Signed-off-by: Magic_RB <magic_rb@redalder.org>
|
||||
---
|
||||
src/libstore/globals.hh | 9 +++++++++
|
||||
src/libstore/local-store.cc | 4 +---
|
||||
2 files changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
|
||||
index 8784d5faf..7e01b4960 100644
|
||||
--- a/src/libstore/globals.hh
|
||||
+++ b/src/libstore/globals.hh
|
||||
@@ -805,6 +805,15 @@ public:
|
||||
may be useful in certain scenarios (e.g. to spin up containers or
|
||||
set up userspace network interfaces in tests).
|
||||
)"};
|
||||
+
|
||||
+ Setting<StringSet> ignoredAcls{
|
||||
+ this, {"security.selinux"}, "ignored-acls",
|
||||
+ R"(
|
||||
+ A list of ACLs that should be ignored, normally Nix attempts to
|
||||
+ remove all ACLs from files and directories in the Nix store, but
|
||||
+ some ACLs like `security.selinux` or `system.nfs4_acl` can't be
|
||||
+ removed even by root. Therefore it's best to just ignore them.
|
||||
+ )"};
|
||||
#endif
|
||||
|
||||
Setting<Strings> hashedMirrors{
|
||||
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
|
||||
index 747eb205e..c6f774bc2 100644
|
||||
--- a/src/libstore/local-store.cc
|
||||
+++ b/src/libstore/local-store.cc
|
||||
@@ -583,9 +583,7 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe
|
||||
throw SysError("querying extended attributes of '%s'", path);
|
||||
|
||||
for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) {
|
||||
- /* Ignore SELinux security labels since these cannot be
|
||||
- removed even by root. */
|
||||
- if (eaName == "security.selinux") continue;
|
||||
+ if (settings.ignoredAcls.get().count(eaName)) continue;
|
||||
if (lremovexattr(path.c_str(), eaName.c_str()) == -1)
|
||||
throw SysError("removing extended attribute '%s' from '%s'", eaName, path);
|
||||
}
|
||||
--
|
||||
2.32.0
|
||||
|
|
@ -48,13 +48,8 @@ in
|
|||
type.services = {};
|
||||
};
|
||||
nix = {
|
||||
package = pkgs.nixFlakes.override {
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "MagicRB";
|
||||
repo = "nix";
|
||||
rev = "a02c34500960b8bc18fe1bdc1431ea252573a5cf";
|
||||
sha256 = "sha256-6VbjvNIDxPdjA+FcY2Kh1vSh8RJ7ubezqprTy81lq9U=";
|
||||
};
|
||||
package = pkgs.nixUnstable.override {
|
||||
patches = [ ./0001-Add-ignored_acls-setting.patch ];
|
||||
};
|
||||
loadNixDb = true;
|
||||
overlayNix = "/nix-persist";
|
||||
|
|
Loading…
Reference in a new issue