author | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-23 18:10:33 +0100 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-23 18:10:33 +0100 |
commit | 587538d08767e032f9a50ec28405e94e3627af9b (patch) | |
tree | 272e2638607b25b11e8cfaaf4b1f0659fb84c055 /pkgs/build-support | |
parent | 31b7ef797a550b2113055a686f660e1e7c7e50af (diff) | |
parent | 9f591befb157f2bc44ba9bdcb24af144c7b5471d (diff) |
Merge staging-next into staging
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
index 83d5d371b397..3a3c9e932fdb 100644
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@@ -50,7 +50,7 @@ let
       "ssl/certs"
       "pki"
     ];
-  in concatStringsSep " \\\n "
+  in concatStringsSep "\n "
     (map (file: "--ro-bind-try /etc/${file} /etc/${file}") files);
 
   init = run: writeShellScriptBin "${name}-init" ''
@@ -59,21 +59,21 @@ let
   '';
 
   bwrapCmd = { initArgs ? "" }: ''
-    blacklist="/nix /dev /proc /etc"
-    ro_mounts=""
+    blacklist=(/nix /dev /proc /etc)
+    ro_mounts=()
     for i in ${env}/*; do
       path="/''${i##*/}"
       if [[ $path == '/etc' ]]; then
         continue
       fi
-      ro_mounts="$ro_mounts --ro-bind $i $path"
-      blacklist="$blacklist $path"
+      ro_mounts+=(--ro-bind "$i" "$path")
+      blacklist+=("$path")
     done
 
     if [[ -d ${env}/etc ]]; then
       for i in ${env}/etc/*; do
         path="/''${i##*/}"
-        ro_mounts="$ro_mounts --ro-bind $i /etc$path"
+        ro_mounts+=(--ro-bind "$i" "/etc$path")
       done
     fi
 
@@ -81,24 +81,27 @@ let
     # loop through all directories in the root
     for dir in /*; do
       # if it is a directory and it is not in the blacklist
-      if [[ -d "$dir" ]] && grep -v "$dir" <<< "$blacklist" >/dev/null; then
+      if [[ -d "$dir" ]] && [[ ! "''${blacklist[@]}" =~ "$dir" ]]; then
         # add it to the mount list
         auto_mounts+=(--bind "$dir" "$dir")
       fi
     done
 
-    exec ${bubblewrap}/bin/bwrap \
-      --dev-bind /dev /dev \
-      --proc /proc \
-      --chdir "$(pwd)" \
-      --unshare-all \
-      --share-net \
-      --die-with-parent \
-      --ro-bind /nix /nix \
-      ${etcBindFlags} \
-      $ro_mounts \
-      "''${auto_mounts[@]}" \
+    cmd=(
+      ${bubblewrap}/bin/bwrap
+      --dev-bind /dev /dev
+      --proc /proc
+      --chdir "$(pwd)"
+      --unshare-all
+      --share-net
+      --die-with-parent
+      --ro-bind /nix /nix
+      ${etcBindFlags}
+      "''${ro_mounts[@]}"
+      "''${auto_mounts[@]}"
       ${init runScript}/bin/${name}-init ${initArgs}
+    )
+    exec "''${cmd[@]}"
   '';
 
   bin = writeShellScriptBin name (bwrapCmd { initArgs = ''"$@"''; }); |
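Review bot: The rewritten blacklist test at the top of this hunk is a substring match rather than a membership test: `[[ ! "''${blacklist[@]}" =~ "$dir" ]]` joins the array into one space-separated string and then asks whether `$dir` occurs anywhere in it, so a hypothetical root directory such as `/pro` or `/e` would be skipped because `/proc` and `/etc` contain it. The old `grep -v` form had the same weakness, so the commit carries it over rather than introduces it, and the failure mode is a directory missing from the sandbox rather than an extra one being exposed, since a blacklisted entry is always a substring of the joined string. With the entries now in an array an exact-element check is a one-line change: `if [[ -d "$dir" ]] && [[ " ''${blacklist[*]} " != *" $dir "* ]]; then`, where the surrounding spaces in the pattern are what make the comparison whole-element. The enclosing `bwrapCmd` string begins outside the hunk.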