wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 06:01:48 +02:00
Code Activity

Don't allow writing to /etc

Browse source
This commit is contained in:
Yorick van Pelt 2023-02-14 12:03:34 +01:00
parent df9a71f6ea
commit db41f74af3
No known key found for this signature in database
GPG key ID: A36E70F9DC014A15
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/linux-sandbox.sh
View file

@ -37,3 +37,6 @@ nix-build check.nix -A nondeterministic --sandbox-paths /nix/store --no-out-link
(! nix-build check.nix -A nondeterministic --sandbox-paths /nix/store --no-out-link --check -K 2> $TEST_ROOT/log)
if grep -q 'error: renaming' $TEST_ROOT/log; then false; fi
grep -q 'may not be deterministic' $TEST_ROOT/log
# Test that sandboxed builds cannot write to /etc easily
(! nix-build -E 'with import ./config.nix; mkDerivation { name = "etc-write"; buildCommand = "echo > /etc/test"; }' --no-out-link --sandbox-paths /nix/store)