From eab0c3d35e61d1d5b5539f2a7be5185420148532 Mon Sep 17 00:00:00 2001
From: Yuxuan Shui
Date: Wed, 30 Nov 2022 19:53:23 +0000
Subject: [PATCH] Warn when building without nix daemon

We need root permission to drop supplementary groups, and if we don't do that, some builds can fail in user namespace, most notably go.

Related: #3245
---
 src/libstore/build/local-derivation-goal.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index c9b7b24f344..2dc20bec839 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -913,8 +913,13 @@ void LocalDerivationGoal::startBuilder()
 int flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_PARENT | SIGCHLD;
 if (privateNetwork)
 flags |= CLONE_NEWNET;
- if (usingUserNamespace)
+ if (usingUserNamespace) {
+ if (getgroups(0, NULL) != 0) {
+ warn("user namespace enabled, but we weren't able to drop supplementary groups; "
+ "this can break some builds. consider using the nix daemon.");
+ }
 flags |= CLONE_NEWUSER;
+ }
 pid_t child = clone(childEntry, stack + stackSize, flags, this);
 if (child == -1 && errno == EINVAL) {
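Review bot: The added check `getgroups(0, NULL) != 0` also fires when getgroups() fails and returns -1, so a failure to query the group list is reported as "weren't able to drop supplementary groups". `if (getgroups(0, nullptr) > 0) {` keeps the warning for the case it describes, and a -1 result can be reported separately if it matters. The condition only observes that the process still holds supplementary groups before clone(); no drop attempt is visible in this hunk, and startBuilder's body starts and ends outside it, so the wording presumably relies on code elsewhere. A short comment above the check, such as `// supplementary groups we could not drop are inherited by the builder started below`, would record why it sits directly before the CLONE_NEWUSER clone. The message mentions only broken builds, while retained group membership is presumably also a sandbox-isolation concern, which is worth confirming and stating.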