authorAnderson Torres <torres.anderson.85@protonmail.com>2022-12-28 17:33:46 -0300
committerGitHub <noreply@github.com>2022-12-28 17:33:46 -0300
commit5f5b7824cb822796cd0d77cd439f3e3b1848e072 (patch)
tree0442eaf4610e51d88ad416591bf3e9695375ef6e /nixos/modules/system
parenta79e10a2053f943331d81f4747de226bedcac45d (diff)
parent0e89c822afd4d60b4bf5c96a35d77b2de9ad624b (diff)
Merge pull request #132694 from arcnmx/binfmt-interp-sandbox
nixos/binfmt: add interpreter path to sandbox
Diffstat (limited to 'nixos/modules/system')
-rw-r--r--nixos/modules/system/boot/binfmt.nix16
1 files changed, 8 insertions, 8 deletions
diff --git a/nixos/modules/system/boot/binfmt.nix b/nixos/modules/system/boot/binfmt.nix
index 87e66f73be0ec..7f817e5d350da 100644
--- a/nixos/modules/system/boot/binfmt.nix
+++ b/nixos/modules/system/boot/binfmt.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  inherit (lib) mkOption types optionalString stringAfter;
+  inherit (lib) mkOption mkDefault types optionalString stringAfter;
 
   cfg = config.boot.binfmt;
 
@@ -281,7 +281,7 @@ in {
   config = {
     boot.binfmt.registrations = builtins.listToAttrs (map (system: {
       name = system;
-      value = let
+      value = { config, ... }: let
         interpreter = getEmulator system;
         qemuArch = getQemuArch system;
 
@@ -292,13 +292,13 @@ in {
         in
           if preserveArgvZero then "${wrapper}/bin/${wrapperName}"
           else interpreter;
-      in {
-        inherit preserveArgvZero;
+      in ({
+        preserveArgvZero = mkDefault preserveArgvZero;
 
-        interpreter = interpreterReg;
-        wrapInterpreterInShell = !preserveArgvZero;
-        interpreterSandboxPath = dirOf (dirOf interpreterReg);
-      } // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
+        interpreter = mkDefault interpreterReg;
+        wrapInterpreterInShell = mkDefault (!config.preserveArgvZero);
+        interpreterSandboxPath = mkDefault (dirOf (dirOf config.interpreter));
+      } // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}")));
     }) cfg.emulatedSystems);
     nix.settings = lib.mkIf (cfg.emulatedSystems != []) {
       extra-platforms = cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux";
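Review bot: On the `interpreterSandboxPath` line the default now follows `config.interpreter`, which this change makes overridable, but `dirOf (dirOf …)` still assumes a `<store path>/bin/<name>` layout. An interpreter set to something like `/usr/bin/qemu-aarch64` (constructed example) would yield `/usr`, and a shallower path would yield `/`; if this value is fed into the Nix sandbox paths, as the commit title suggests, that exposes far more of the host to builds than the emulator needs. Consider deriving the default only for store paths, e.g. `interpreterSandboxPath = mkDefault (if lib.hasPrefix builtins.storeDir config.interpreter then dirOf (dirOf config.interpreter) else null);` (assuming the option accepts null, since its declaration is outside the hunk), or at least add a comment stating the layout assumption. Note that `config` here is the submodule argument introduced at `value = { config, ... }:`, which shadows the module-level `config`; the `nix.settings` block continues past the end of the hunk.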