authoraszlig <aszlig@redmoonstudios.org>2014-11-30 18:19:00 +0100
committeraszlig <aszlig@redmoonstudios.org>2014-11-30 18:23:19 +0100
commit318fbb34e7fbd9bf9d295eb31e6a109b2d707a9c (patch)
treeaf067159d0e82459d053be442df24ceb0f8ae52b /pkgs/applications/virtualization
parent579f93203a6cd6f2d006c9879930dc4db20c548d (diff)
virtualbox: Allow /nix/store being world-writable.
We are already checking whether /nix/store has the sticky bit set, so
even if it is world-writable as well, that does not mean the actual
store path is writable. Not to mention that it is only writable during
the build process.

This should fix installing the extension pack when enableExtensionPack
is used.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'pkgs/applications/virtualization')
-rw-r--r--pkgs/applications/virtualization/virtualbox/hardened.patch15
1 files changed, 14 insertions, 1 deletions
diff --git a/pkgs/applications/virtualization/virtualbox/hardened.patch b/pkgs/applications/virtualization/virtualbox/hardened.patch
index b789ddbeacbd..a0184b68f079 100644
--- a/pkgs/applications/virtualization/virtualbox/hardened.patch
+++ b/pkgs/applications/virtualization/virtualbox/hardened.patch
@@ -1,5 +1,5 @@
 diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
-index c39d2f7..f6a4031 100644
+index c39d2f7..cd19186 100644
 --- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
 +++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
 @@ -1415,7 +1415,7 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo
@@ -11,6 +11,19 @@ index c39d2f7..f6a4031 100644
  #endif
          if (fBad)
              return supR3HardenedSetError3(VERR_SUPLIB_WRITE_NON_SYS_GROUP, pErrInfo,
+@@ -1424,9 +1424,10 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo
+     }
+ 
+     /*
+-     * World must not have write access.  There is no relaxing this rule.
++     * World must not have write access.
++     * There is no relaxing this rule, except when it comes to the Nix store.
+      */
+-    if (pFsObjState->Stat.st_mode & S_IWOTH)
++    if (pFsObjState->Stat.st_mode & S_IWOTH && suplibHardenedStrCmp(pszPath, "/nix/store"))
+         return supR3HardenedSetError3(VERR_SUPLIB_WORLD_WRITABLE, pErrInfo,
+                                       "World writable: '", pszPath, "'");
+ 
 diff --git a/src/VBox/Main/src-server/MachineImpl.cpp b/src/VBox/Main/src-server/MachineImpl.cpp
 index 95dc9a7..39170bc 100644
 --- a/src/VBox/Main/src-server/MachineImpl.cpp
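Review bot: The new condition `if (pFsObjState->Stat.st_mode & S_IWOTH && suplibHardenedStrCmp(pszPath, "/nix/store"))` mixes `&` and `&&` without parentheses and relies on the non-zero return of the string compare to mean "not the store", which reads as the opposite of the intent; `if ((pFsObjState->Stat.st_mode & S_IWOTH) && suplibHardenedStrCmp(pszPath, "/nix/store") != 0)` states the same thing explicitly. The exemption is a literal match on "/nix/store", so only that directory itself is excused and entries beneath it remain subject to the world-writable rule, which appears to be the intent. The commit message says the sticky bit on the directory is verified elsewhere, but nothing in this hunk shows that check, so the rewritten comment should record the dependency, e.g. `* Exempt only the /nix/store directory itself: it is expected to carry the sticky bit (verified elsewhere in this function), so world write on it does not let others replace existing store paths.` supR3HardenedVerifyFsObject begins and ends outside the hunk.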