diff options
author | Roel Janssen <roel@gnu.org> | 2018-04-19 17:11:30 +0200 |
---|---|---|
committer | Roel Janssen <roel@gnu.org> | 2018-04-19 19:06:26 +0200 |
commit | 5cefb13ddd4d51a63a387e74c138035b7b8b8537 (patch) | |
tree | d98bd60a2a5465f58853da7c224810497ebb5ec9 /nix/nix-daemon | |
parent | 7c16af4646fac789000495064a13284691dbeb75 (diff) |
guix-daemon: Disable garbage collection for remote connections.
* nix/nix-daemon/nix-daemon.cc (isRemoteConnection): New variable.
(performOp): For wopCollectGarbage, throw an error when isRemoteConnection
is set.
(acceptConnection): Set isRemoteConnection when connection is not AF_UNIX.
* tests/guix-daemon.sh: Add a test for the new behavior.
Diffstat (limited to 'nix/nix-daemon')
-rw-r--r-- | nix/nix-daemon/nix-daemon.cc | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index deb7003d7e..782e4acfc5 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -54,7 +54,9 @@ static FdSink to(STDOUT_FILENO); bool canSendStderr; - +/* This variable is used to keep track of whether a connection + comes from a host other than the host running guix-daemon. */ +static bool isRemoteConnection; /* This function is called anytime we want to write something to stderr. If we're in a state where the protocol allows it (i.e., @@ -529,6 +531,11 @@ static void performOp(bool trusted, unsigned int clientVersion, } case wopCollectGarbage: { + if (isRemoteConnection) { + throw Error("Garbage collection is disabled for remote hosts."); + break; + } + GCOptions options; options.action = (GCOptions::GCAction) readInt(from); options.pathsToDelete = readStorePaths<PathSet>(from); @@ -934,6 +941,7 @@ static void acceptConnection(int fdSocket) connection. Setting these to -1 means: do not change. */ settings.clientUid = clientUid; settings.clientGid = clientGid; + isRemoteConnection = (remoteAddr.ss_family != AF_UNIX); /* Handle the connection. */ from.fd = remote; |