From: Julien Moutinho
To: Eric Wong
Cc: meta@public-inbox.org
Subject: Re: Test failures due to core.sharedRepository and sandboxing
Date: Tue, 25 Oct 2022 18:49:38 +0200
Message-ID: <20221025164938.agffzitrsgn4pbcu@sourcephile.fr>
In-Reply-To: <20221025101756.M341966@dcvr>
References: <20221024215822.azmu2egkibe73rc3@sourcephile.fr> <20221025101756.M341966@dcvr>

On Tue, 25 Oct 2022 10:17 +0000, Eric Wong wrote:
> My brain is very tired atm, but I'm wondering if git should
> strip S_ISGID and retry if it hits EPERM...

I've asked on git@ here
https://public-inbox.org/git/20221025163024.uutqv7w24yi4eo5i@sourcephile.fr/T/#u

> On a traditional Unix-like system, the objective of 0600 is to
> ensure only the user running lei can read their own email.
> AFAIK, that's standard behavior for MUAs creating local files
> (I only know it's mutt behavior off the top-of-my-head).
>
> That said, I don't know how NixOS's sandbox is different than a
> traditional system.

nix's build sandbox denies g+s, but that sandbox only applies
when building a package (which includes running its tests).
Once the package is built, that sandbox is no longer used,
leaving the package free to use g+s when run by users.

> Is setting any value of core.sharedRepository even worthwhile on NixOS?

AFAIK NixOS would be like any other Linux-based OS on that matter.

Cheers,
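
The fallback raised in the quoted text above (strip S_ISGID and retry on EPERM), written out as an added example; it is not code from git, public-inbox or either poster. The names `chmod_strip_setgid_on_eperm`, `chmod_fn`, `sandbox_chmod` and `readonly_chmod`, the path and the mode 02770 are assumptions constructed for illustration, and the chmod call is injectable so the refusal can be reproduced without a sandbox.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Same signature as chmod(2); hypothetical injectable type, not from git. */
typedef int (*chmod_fn)(const char *path, mode_t mode);

/* Apply `mode`; if that fails with EPERM and setgid was requested, retry once
 * without S_ISGID. Returns 0 or -1 (errno set). *applied is written only on
 * success so the caller can notice and log that g+s was dropped. */
int chmod_strip_setgid_on_eperm(chmod_fn do_chmod, const char *path,
                                mode_t mode, mode_t *applied)
{
    if (do_chmod(path, mode) != 0) {
        if (errno != EPERM || !(mode & S_ISGID))
            return -1;              /* unrelated failure: do not mask it */
        mode &= ~(mode_t)S_ISGID;
        if (do_chmod(path, mode) != 0)
            return -1;
    }
    *applied = mode;
    return 0;
}

/* Constructed stand-in for a build sandbox that denies g+s. */
int sandbox_chmod(const char *path, mode_t mode)
{
    (void)path;
    if (mode & S_ISGID) { errno = EPERM; return -1; }
    return 0;
}

/* Constructed stand-in for a failure that has nothing to do with setgid. */
int readonly_chmod(const char *path, mode_t mode)
{
    (void)path; (void)mode;
    errno = EROFS;
    return -1;
}

int main(void)
{
    mode_t got = 0;
    /* 02770 is a constructed group-shared directory mode with setgid. */
    int rc = chmod_strip_setgid_on_eperm(sandbox_chmod, "objects", 02770, &got);
    printf("rc=%d applied=%04o\n", rc, (unsigned)got);
    return rc;
}
```

Dropping the bit changes group inheritance for files created under the directory, which is why the applied mode is reported back instead of being swallowed.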