authorBenedikt Morbach <benedikt.morbach@googlemail.com>2020-10-24 17:23:37 +0200
committerLuigi Sartor Piucco <luigipiucco@gmail.com>2021-02-22 14:35:44 -0300
commitdf4761d45082d94f6a469bbcab71cee1e31719da (patch)
treed5db180ec29bcd600f024dd817fd5cf63e56a33f /pkgs/build-support/build-fhs-userenv-bubblewrap
parent3daa06cc8b9cc54dd71c004c70921043dcb37105 (diff)
fhs-userenv-bubblewrap: Preserve symlinks
Preserve top-level symlinks such as /lib -> /usr/lib.

This allows nested containers such as Steam's new runtime to remount
/usr if they need to and then run unmodified binaries that reference
e.g. /lib/ld-linux-x86-64.so.2

Before, we would mount the fully resolved host directory at /lib and
thus the dynamic loader would always be the one from the host filesystem.
Diffstat (limited to 'pkgs/build-support/build-fhs-userenv-bubblewrap')
-rw-r--r--pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix12
1 files changed, 9 insertions, 3 deletions
diff --git a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
index 6592621570c..dd945678e6f 100644
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@@ -68,13 +68,18 @@ let
   bwrapCmd = { initArgs ? "" }: ''
     blacklist=(/nix /dev /proc /etc)
     ro_mounts=()
+    symlinks=()
     for i in ${env}/*; do
       path="/''${i##*/}"
       if [[ $path == '/etc' ]]; then
-        continue
+        :
+      elif [[ -L $i ]]; then
+        symlinks+=(--symlink "$(readlink "$i")" "$path")
+        blacklist+=("$path")
+      else
+        ro_mounts+=(--ro-bind "$i" "$path")
+        blacklist+=("$path")
       fi
-      ro_mounts+=(--ro-bind "$i" "$path")
-      blacklist+=("$path")
     done
 
     if [[ -d ${env}/etc ]]; then
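Review bot: The `--symlink` target on the `readlink "$i"` line is copied verbatim, so inside the sandbox it resolves against the sandbox root rather than against `${env}`. That is correct for a relative top-level link such as `lib -> usr/lib`, but an absolute target only works if its path is also mounted in the sandbox (for example under /nix). Since this decides which file a path like /lib/ld-linux-x86-64.so.2 ends up pointing at, I would state the assumption above the branch, e.g. `# link target is copied as-is and resolved inside the sandbox; expects a relative link or one into /nix`. The `:` no-op in the `/etc` branch also deserves a comment such as `# /etc is handled separately after the loop`, which is what the `[[ -d ${env}/etc ]]` check appears to do, because it replaces a `continue` and reads like a leftover. The body of bwrapCmd continues outside this hunk.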
@@ -114,6 +119,7 @@ let
       --ro-bind /nix /nix
       ${etcBindFlags}
       "''${ro_mounts[@]}"
+      "''${symlinks[@]}"
       "''${auto_mounts[@]}"
       ${init runScript}/bin/${name}-init ${initArgs}
     )