buildFHSEnv: use symlinks instead of bind mounts for files from host /etc

Closes #247065
author: Jeff Huffman <tejing@tejing.com> 2023-12-09 00:26:55 -0500
committer: Jonathan Ringer <jonringer@users.noreply.github.com> 2023-12-13 23:33:05 -0800
commit: 452b8162ecc995793d906cde424b652fa3dd1314 (patch)
tree: a0d410a3e731177ebc276255f8a6eb28a40235a2 /pkgs
parent: 7046c894bd24227bd05937e182e7fea7be836b16 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
index 687cff3f01e2b..ba28c68c3de3d 100644
--- a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
@@ -150,10 +150,8 @@ let
       if [[ "''${etc_ignored[@]}" =~ "$i" ]]; then
         continue
       fi
-      if [[ -L $i ]]; then
-        symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$i")
-      else
-        ro_mounts+=(--ro-bind-try "$i" "$i")
+      if [[ -e $i ]]; then
+        symlinks+=(--symlink "/.host-etc/''${i#/etc/}" "$i")
       fi
     done
 
@@ -192,6 +190,7 @@ let
       ${lib.optionalString unshareCgroup "--unshare-cgroup"}
       ${lib.optionalString dieWithParent "--die-with-parent"}
       --ro-bind /nix /nix
+      --ro-bind /etc /.host-etc
       # Our glibc will look for the cache in its own path in `/nix/store`.
       # As such, we need a cache to exist there, because pressure-vessel
       # depends on the existence of an ld cache. However, adding one
author	Jeff Huffman <tejing@tejing.com>	2023-12-09 00:26:55 -0500
committer	Jonathan Ringer <jonringer@users.noreply.github.com>	2023-12-13 23:33:05 -0800
commit	452b8162ecc995793d906cde424b652fa3dd1314 (patch)
tree	a0d410a3e731177ebc276255f8a6eb28a40235a2 /pkgs
parent	7046c894bd24227bd05937e182e7fea7be836b16 (diff)