From 5ebc6149ad33f8eb7c365d30f8c67d6d49b3fc24 Mon Sep 17 00:00:00 2001
From: Yuxuan Shui
Date: Wed, 30 Nov 2022 19:53:23 +0000
Subject: [PATCH] Warn when building without nix daemon

We need root permission to drop supplementary groups, and if we don't do that, some builds can fail in user namespace, most notably go.
Related: #3245
---
 src/libstore/build/local-derivation-goal.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index a9f9307737a7..31e264e964e6 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -926,8 +926,13 @@ void LocalDerivationGoal::startBuilder()
 options.cloneFlags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_PARENT | SIGCHLD;
 if (privateNetwork)
 options.cloneFlags |= CLONE_NEWNET;
- if (usingUserNamespace)
+ if (usingUserNamespace) {
+ if (getgroups(0, NULL) != 0) {
+ warn("user namespace enabled, but we weren't able to drop supplementary groups; "
+ "this can break some builds. consider using the nix daemon.");
+ }
 options.cloneFlags |= CLONE_NEWUSER;
+ }
 pid_t child = startProcess([&]() { runChild(); }, options);
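Review bot: The new check `getgroups(0, NULL) != 0` in the `usingUserNamespace` branch is also true when getgroups() fails and returns -1, so the warning would then claim leftover groups that were never counted; `if (getgroups(0, nullptr) > 0) {` separates the two cases, with the error handled on its own if it matters here. The message describes the leftover groups only as a build-breakage risk, but a builder that keeps the caller's supplementary groups presumably also keeps whatever host group access they grant on paths visible inside the sandbox. It would help to say so, for example `"the builder keeps this user's supplementary groups, which weakens sandbox isolation and can break some builds; "`. POSIX leaves it unspecified whether the effective group ID is included in the returned list, so the count may be non-zero for most non-root callers and the warning may appear on every such build; this is worth confirming. The enclosing code in startBuilder() starts and ends outside the hunk.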