forked from mirrors/nixpkgs
Merge pull request #183874 from zhaofengli/bwrap-fhs-preserve-etc-symlink
build-fhs-userenv-bubblewrap: Preserve symlinks in /etc
This commit is contained in:
Linus Heckemann
GitHub
commit
1ba1b35d7f
|
|
@ -26,7 +26,7 @@ let
|
|||
"unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"
|
||||
]);
|
||||
|
||||
etcBindFlags = let
|
||||
etcBindEntries = let
|
||||
files = [
|
||||
# NixOS Compatibility
|
||||
"static"
|
||||
|
|
@ -69,8 +69,7 @@ let
|
|||
"ca-certificates"
|
||||
"pki"
|
||||
];
|
||||
in concatStringsSep "\n "
|
||||
(map (file: "--ro-bind-try $(${coreutils}/bin/readlink -m /etc/${file}) /etc/${file}") files);
|
||||
in map (path: "/etc/${path}") files;
|
||||
|
||||
# Create this on the fly instead of linking from /nix
|
||||
# The container might have to modify it and re-run ldconfig if there are
|
||||
|
|
@ -99,19 +98,20 @@ let
|
|||
'';
|
||||
|
||||
bwrapCmd = { initArgs ? "" }: ''
|
||||
blacklist=(/nix /dev /proc /etc)
|
||||
ignored=(/nix /dev /proc /etc)
|
||||
ro_mounts=()
|
||||
symlinks=()
|
||||
etc_ignored=()
|
||||
for i in ${env}/*; do
|
||||
path="/''${i##*/}"
|
||||
if [[ $path == '/etc' ]]; then
|
||||
:
|
||||
elif [[ -L $i ]]; then
|
||||
symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$path")
|
||||
blacklist+=("$path")
|
||||
ignored+=("$path")
|
||||
else
|
||||
ro_mounts+=(--ro-bind "$i" "$path")
|
||||
blacklist+=("$path")
|
||||
ignored+=("$path")
|
||||
fi
|
||||
done
|
||||
|
||||
|
|
@ -124,14 +124,26 @@ let
|
|||
continue
|
||||
fi
|
||||
ro_mounts+=(--ro-bind "$i" "/etc$path")
|
||||
etc_ignored+=("/etc$path")
|
||||
done
|
||||
fi
|
||||
|
||||
for i in ${lib.escapeShellArgs etcBindEntries}; do
|
||||
if [[ "''${etc_ignored[@]}" =~ "$i" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ -L $i ]]; then
|
||||
symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$i")
|
||||
else
|
||||
ro_mounts+=(--ro-bind-try "$i" "$i")
|
||||
fi
|
||||
done
|
||||
|
||||
declare -a auto_mounts
|
||||
# loop through all directories in the root
|
||||
for dir in /*; do
|
||||
# if it is a directory and it is not in the blacklist
|
||||
if [[ -d "$dir" ]] && [[ ! "''${blacklist[@]}" =~ "$dir" ]]; then
|
||||
# if it is a directory and it is not ignored
|
||||
if [[ -d "$dir" ]] && [[ ! "''${ignored[@]}" =~ "$dir" ]]; then
|
||||
# add it to the mount list
|
||||
auto_mounts+=(--bind "$dir" "$dir")
|
||||
fi
|
||||
|
|
@ -179,7 +191,6 @@ let
|
|||
--symlink /etc/ld.so.cache ${pkgsi686Linux.glibc}/etc/ld.so.cache \
|
||||
--ro-bind ${pkgsi686Linux.glibc}/etc/rpc ${pkgsi686Linux.glibc}/etc/rpc \
|
||||
--remount-ro ${pkgsi686Linux.glibc}/etc \
|
||||
${etcBindFlags}
|
||||
"''${ro_mounts[@]}"
|
||||
"''${symlinks[@]}"
|
||||
"''${auto_mounts[@]}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue