nixpkgs/pkgs/build-support/build-fhs-userenv/default.nix

# Builds the launcher derivation for an FHS-style user environment.
#
# First argument set: the build tools (writeTextFile, stdenv, ruby).
# Second argument set:
#   env       - the environment derivation; its `pname` names the launcher and
#               its store path is handed to chroot-user as the first argument.
#   runScript - command line placed verbatim into $out/libexec/run.
#
# Result: a derivation "<pname>-userenv" containing
#   bin/<pname>  - execs chroot-user with `env`, libexec/run and the caller's args
#   libexec/run  - sources /etc/profile, then runs `runScript` with those args
{ writeTextFile, stdenv, ruby }:
{ env, runScript }:

let
  # The launcher binary and the derivation are both named after the environment.
  launcherName = env.pname;

  # chroot-user.rb (read from this directory at evaluation time) wrapped as an
  # executable with a shebang pointing at the pinned ruby.
  # NOTE(review): the original labels this a "sandboxing script". Nothing in
  # this file shows what isolation it gives; read chroot-user.rb before
  # treating the resulting environment as a security boundary.
  chrootUser = writeTextFile {
    name = "chroot-user";
    destination = "/bin/chroot-user";
    executable = true;
    text = ''
      #! ${ruby}/bin/ruby
      ${builtins.readFile ./chroot-user.rb}
    '';
  };
in

stdenv.mkDerivation {
  name = "${launcherName}-userenv";

  preferLocalBuild = true;
  buildInputs = [ ruby ];

  # Both heredocs use an unquoted EOF delimiter, so the build shell expands
  # their contents while writing the files: $out becomes the real store path,
  # and "\$@" is escaped so that it reaches the generated script as "$@".
  # The same expansion applies to the text Nix splices in for `env` and
  # `runScript`: any `$` or backtick in runScript is evaluated at build time
  # unless the caller escapes it.
  #
  # `env` and `runScript` are inserted unquoted. They are build-time values
  # from the package definition and must never be derived from runtime input,
  # since whitespace or shell metacharacters in them alter the generated
  # command line.
  #
  # NOTE(review): libexec/run sources /etc/profile from whatever root is in
  # effect when chroot-user starts it; presumably that is the profile inside
  # `env`, not the host's. Confirm against chroot-user.rb.
  buildCommand = ''
    mkdir -p $out/bin
    cat > $out/bin/${launcherName} <<EOF
    #! ${stdenv.shell}
    exec ${chrootUser}/bin/chroot-user ${env} $out/libexec/run "\$@"
    EOF
    chmod +x $out/bin/${launcherName}
    mkdir -p $out/libexec
    cat > $out/libexec/run <<EOF
    #! ${stdenv.shell}
    source /etc/profile
    ${runScript} "\$@"
    EOF
    chmod +x $out/libexec/run
  '';
}