wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 22:33:57 +02:00
Code Activity

Wait with making /etc unwritable until after build env setup

Browse source 
This fixes /etc/nsswitch.conf

(cherry picked from commit bbba49b3e4)
This commit is contained in:
Yorick van Pelt 2023-02-17 16:31:55 +01:00 committed by github-actions[bot]
parent 1083ecbb2b
commit 11522a573d
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/build/local-derivation-goal.cc
View file

@ -1024,10 +1024,6 @@ void LocalDerivationGoal::startBuilder()
"nobody:x:65534:65534:Nobody:/:/noshell\n", "nobody:x:65534:65534:Nobody:/:/noshell\n",
sandboxUid(), sandboxGid(), settings.sandboxBuildDir)); sandboxUid(), sandboxGid(), settings.sandboxBuildDir));
/* Make /etc unwritable */
if (!parsedDrv->useUidRange())
chmod_(chrootRootDir + "/etc", 0555);
/* Save the mount- and user namespace of the child. We have to do this /* Save the mount- and user namespace of the child. We have to do this
*before* the child does a chroot. */ *before* the child does a chroot. */
sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY); sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY);
@ -1912,6 +1908,10 @@ void LocalDerivationGoal::runChild()
} }
} }
/* Make /etc unwritable */
if (!parsedDrv->useUidRange())
chmod_(chrootRootDir + "/etc", 0555);
/* Unshare this mount namespace. This is necessary because /* Unshare this mount namespace. This is necessary because
pivot_root() below changes the root of the mount pivot_root() below changes the root of the mount
namespace. This means that the call to setns() in namespace. This means that the call to setns() in