Hi, While running public-inbox's tests inside nix's build sandbox I've noticed that when core.sharedRepository is set to 0600 git still tries in adjust_shared_perm() to set the g+s bit on directories. https://github.com/git/git/blob/1fc3c0ad407008c2f71dd9ae1241d8b75f8ef886/path.c#L901-L905 However, nix's build sandbox denies g+s (such chmod returning EPERM) because it could be leveraged to break the isolation of the build user. https://github.com/NixOS/nix/blob/b3d2a05c59266688aa904d5fb326394cbb7e9e90/src/libstore/sandbox-defaults.sb#L5-L7 So, on meta@xxxxxxxxxxxxxxxx we were wondering whether git should maybe strip S_ISGID and retry to chmod() if it hits EPERM? https://public-inbox.org/meta/20221025101756.M341966@dcvr/T/#m3f4e9eba9b903a263221ab82ce7ddcd44248d033 Any thoughts on that matter? Thanks!
