cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #110739 from matthewbauer/fix-binfmt-nix-sandbox

Browse source 
nixos/binfmt: add bash to sandboxPaths
This commit is contained in:
Matthew Bauer 2021-01-25 11:53:27 -06:00 committed by GitHub
commit e8338c9c1d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/modules/system/boot/binfmt.nix
View file

@ -23,7 +23,7 @@ let
activationSnippet = name: { interpreter, ... }: '' activationSnippet = name: { interpreter, ... }: ''
rm -f /run/binfmt/${name} rm -f /run/binfmt/${name}
cat > /run/binfmt/${name} << 'EOF' cat > /run/binfmt/${name} << 'EOF'
#!/usr/bin/env sh #!${pkgs.bash}/bin/sh
exec -- ${interpreter} "$@" exec -- ${interpreter} "$@"
EOF EOF
chmod +x /run/binfmt/${name} chmod +x /run/binfmt/${name}
@ -266,7 +266,7 @@ in {
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")} extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
''; '';
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != []) nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
([ "/run/binfmt" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems)); ([ "/run/binfmt" "${pkgs.bash}" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf" environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations)); (lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));