Merge pull request #10456 from NixOS/fixpermdeniedbind

Fix adding symlink to the sandbox paths
2025-07-07 10:11:47 +02:00 · 2024-04-11 13:41:49 +02:00 · 2024-04-11 13:41:49 +02:00 · da1e977bf4
commit da1e977bf4
parent def00d7b52 ae4737294e
3 changed files with 58 additions and 7 deletions
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@ -395,21 +395,33 @@ void LocalDerivationGoal::cleanupPostOutputsRegisteredModeNonCheck()
 #if __linux__
 static void doBind(const Path & source, const Path & target, bool optional = false) {
    debug("bind mounting '%1%' to '%2%'", source, target);
-    struct stat st;
-    if (stat(source.c_str(), &st) == -1) {
-        if (optional && errno == ENOENT)
+
+    auto bindMount = [&]() {
+        if (mount(source.c_str(), target.c_str(), "", MS_BIND | MS_REC, 0) == -1)
+            throw SysError("bind mount from '%1%' to '%2%' failed", source, target);
+    };
+
+    auto maybeSt = maybeLstat(source);
+    if (!maybeSt) {
+        if (optional)
            return;
        else
            throw SysError("getting attributes of path '%1%'", source);
    }
-    if (S_ISDIR(st.st_mode))
+    auto st = *maybeSt;
+
+    if (S_ISDIR(st.st_mode)) {
        createDirs(target);
-    else {
+        bindMount();
+    } else if (S_ISLNK(st.st_mode)) {
+        // Symlinks can (apparently) not be bind-mounted, so just copy it
+        createDirs(dirOf(target));
+        copyFile(source, target, /* andDelete */ false);
+    } else {
        createDirs(dirOf(target));
        writeFile(target, "");
+        bindMount();
    }
-    if (mount(source.c_str(), target.c_str(), "", MS_BIND | MS_REC, 0) == -1)
-        throw SysError("bind mount from '%1%' to '%2%' failed", source, target);
 };
 #endif