
Merge pull request #10482 from tweag/fix-symlink-in-sandbox

Fix the access of symlinks to host files in the sandbox
John Ericson 2024-04-15 09:29:00 -04:00 committed by GitHub
commit 65cc237b3a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 65 additions and 20 deletions


@ -1823,11 +1823,18 @@ void LocalDerivationGoal::runChild()
if (pathExists(path))
ss.push_back(path);
if (settings.caFile != "")
pathsInChroot.try_emplace("/etc/ssl/certs/ca-certificates.crt", settings.caFile, true);
if (settings.caFile != "" && pathExists(settings.caFile)) {
Path caFile = settings.caFile;
pathsInChroot.try_emplace("/etc/ssl/certs/ca-certificates.crt", canonPath(caFile, true), true);
}
}
for (auto & i : ss) pathsInChroot.emplace(i, i);
for (auto & i : ss) {
// For backwards-compatibiliy, resolve all the symlinks in the
// chroot paths
auto canonicalPath = canonPath(i, true);
pathsInChroot.emplace(i, canonicalPath);
}
/* Bind-mount all the directories from the "host"
filesystem that we want in the chroot
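Review bot: The new `settings.caFile != "" && pathExists(settings.caFile)` guard drops the CA bundle from `pathsInChroot` without a trace when the configured file is missing, so the misconfiguration would presumably surface only later as TLS failures inside the builder. At minimum the branch should carry a comment such as `// A configured but missing caFile is skipped on purpose; the sandbox then has no CA bundle.`; a diagnostic would be better if logging is usable at this point of `runChild`, which the hunk does not show. The comment in the `for (auto & i : ss)` loop gives backwards compatibility as the reason but not the effect, and could read `// Map each chroot path to its symlink-free host target, resolved once here; the sandbox gets that target, not the link.` If `pathExists` does not follow symlinks, a dangling link would pass both checks and `canonPath(..., true)` would hand on a target that does not exist, which is worth confirming against the helper. `runChild` starts and ends outside this hunk.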