Wait with making /etc unwritable until after build env setup

This fixes /etc/nsswitch.conf (cherry picked from commit bbba49b3e4)
2025-07-07 18:31:49 +02:00 · 2023-02-17 16:31:55 +01:00 · 2023-02-17 16:31:55 +01:00 · 11522a573d
commit 11522a573d
parent 1083ecbb2b
1 changed files with 4 additions and 4 deletions
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@ -1024,10 +1024,6 @@ void LocalDerivationGoal::startBuilder()
                "nobody:x:65534:65534:Nobody:/:/noshell\n",
                sandboxUid(), sandboxGid(), settings.sandboxBuildDir));

-        /* Make /etc unwritable */
-        if (!parsedDrv->useUidRange())
-            chmod_(chrootRootDir + "/etc", 0555);
-
        /* Save the mount- and user namespace of the child. We have to do this
           *before* the child does a chroot. */
        sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY);
@ -1912,6 +1908,10 @@ void LocalDerivationGoal::runChild()
                }
            }

+            /* Make /etc unwritable */
+            if (!parsedDrv->useUidRange())
+                chmod_(chrootRootDir + "/etc", 0555);
+
            /* Unshare this mount namespace. This is necessary because
               pivot_root() below changes the root of the mount
               namespace. This means that the call to setns() in