author | Benedikt Morbach <benedikt.morbach@googlemail.com> | 2020-10-24 17:23:37 +0200 |
---|---|---|
committer | Luigi Sartor Piucco <luigipiucco@gmail.com> | 2021-02-22 14:35:44 -0300 |
commit | df4761d45082d94f6a469bbcab71cee1e31719da (patch) | |
tree | d5db180ec29bcd600f024dd817fd5cf63e56a33f /pkgs/build-support | |
parent | 3daa06cc8b9cc54dd71c004c70921043dcb37105 (diff) |
fhs-userenv-bubblewrap: Preserve symlinks
Preserve top-level symlinks such as /lib -> /usr/lib. This allows nested containers such as Steam's new runtime to remount /usr if they need to and then run unmodified binaries that reference e.g. /lib/ld-linux-x86-64.so.2. Before, we would mount the fully resolved host directory at /lib and thus the dynamic loader would always be the one from the host filesystem.
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
index 6592621570ce9..dd945678e6f56 100644
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@@ -68,13 +68,18 @@ let
 bwrapCmd = { initArgs ? "" }: ''
 blacklist=(/nix /dev /proc /etc)
 ro_mounts=()
+ symlinks=()
 for i in ${env}/*; do
 path="/''${i##*/}"
 if [[ $path == '/etc' ]]; then
- continue
+ :
+ elif [[ -L $i ]]; then
+ symlinks+=(--symlink "$(readlink "$i")" "$path")
+ blacklist+=("$path")
+ else
+ ro_mounts+=(--ro-bind "$i" "$path")
+ blacklist+=("$path")
 fi
- ro_mounts+=(--ro-bind "$i" "$path")
- blacklist+=("$path")
 done

 if [[ -d ${env}/etc ]]; then
@@ -114,6 +119,7 @@ let
 --ro-bind /nix /nix
 ${etcBindFlags}
 "''${ro_mounts[@]}"
+ "''${symlinks[@]}"
 "''${auto_mounts[@]}"
 ${init runScript}/bin/${name}-init ${initArgs}
 ) |
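Review bot: In the new `elif [[ -L $i ]]` branch the output of `readlink "$i"` is passed to `--symlink` verbatim, so a relative target is resolved against the sandbox root instead of `${env}`, and an empty or failed `readlink` still appends a `--symlink` entry and blacklists the path. That works for links like `lib -> usr/lib` whose target is itself bind-mounted, but the assumption is unstated; I would add a comment such as `# link targets must resolve inside the sandbox (/nix or another top-level entry of the env)` and read the target once into a variable, handling the empty case explicitly. These entries also change from read-only bind mounts to plain symlinks in the sandbox root, so whether a process inside can replace them depends on how `/` is set up, which this hunk does not show; a one-line comment recording that this is intended would help later readers. The new `:` branch deserves a short comment too, e.g. `# /etc is handled separately below`. The enclosing `bwrapCmd` string starts and ends outside the hunk.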