kloenk/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Merge pull request #7856 from yorickvP/fix-nsswitch

Browse source 
Wait with making /etc unwritable until after build env setup
This commit is contained in:
Théophane Hufschmitt 2023-02-21 09:39:10 +01:00 committed by GitHub
parent 5510daf132 bbba49b3e4
commit 532c70f531
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/build/local-derivation-goal.cc
View file

@ -971,10 +971,6 @@ void LocalDerivationGoal::startBuilder()
"nobody:x:65534:65534:Nobody:/:/noshell\n",
sandboxUid(), sandboxGid(), settings.sandboxBuildDir));
/* Make /etc unwritable */
if (!parsedDrv->useUidRange())
chmod_(chrootRootDir + "/etc", 0555);
/* Save the mount- and user namespace of the child. We have to do this
*before* the child does a chroot. */
sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY);
@ -1855,6 +1851,10 @@ void LocalDerivationGoal::runChild()
}
}
/* Make /etc unwritable */
if (!parsedDrv->useUidRange())
chmod_(chrootRootDir + "/etc", 0555);
/* Unshare this mount namespace. This is necessary because
pivot_root() below changes the root of the mount
namespace. This means that the call to setns() in