lix-project/lix
20
55
Fork 31
Code Issues 344 Code Review (Gerrit) Projects 3 Releases Wiki Activity

Wait with making /etc unwritable until after build env setup

Browse source 
This fixes /etc/nsswitch.conf
This commit is contained in:
Yorick 2023-02-17 16:31:55 +01:00
parent a88ae62bc0
commit bbba49b3e4
No known key found for this signature in database
GPG key ID: A36E70F9DC014A15
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/build/local-derivation-goal.cc
View file

@ -971,10 +971,6 @@ void LocalDerivationGoal::startBuilder()
"nobody:x:65534:65534:Nobody:/:/noshell\n", "nobody:x:65534:65534:Nobody:/:/noshell\n",
sandboxUid(), sandboxGid(), settings.sandboxBuildDir)); sandboxUid(), sandboxGid(), settings.sandboxBuildDir));
/* Make /etc unwritable */
if (!parsedDrv->useUidRange())
chmod_(chrootRootDir + "/etc", 0555);
/* Save the mount- and user namespace of the child. We have to do this /* Save the mount- and user namespace of the child. We have to do this
*before* the child does a chroot. */ *before* the child does a chroot. */
sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY); sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY);
@ -1855,6 +1851,10 @@ void LocalDerivationGoal::runChild()
} }
} }
/* Make /etc unwritable */
if (!parsedDrv->useUidRange())
chmod_(chrootRootDir + "/etc", 0555);
/* Unshare this mount namespace. This is necessary because /* Unshare this mount namespace. This is necessary because
pivot_root() below changes the root of the mount pivot_root() below changes the root of the mount
namespace. This means that the call to setns() in namespace. This means that the call to setns() in