blob: 27712e4d42f51834d9e852096b8cdac2c0d75e4d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
{ stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkgconfig, which
, libnl, protobuf, protobufc, shadow
}:
stdenv.mkDerivation rec {
pname = "nsjail";
version = "2.9";
src = fetchFromGitHub {
owner = "google";
repo = "nsjail";
rev = version;
fetchSubmodules = true;
sha256 = "0218n0qjb45fawqqfj3gdxgd0fw5k0vxn9iggi0ciljmr9zywkgh";
};
postPatch = ''
substituteInPlace user.cc \
--replace "/usr/bin/newgidmap" "${shadow}/bin/newgidmap" \
--replace "/usr/bin/newuidmap" "${shadow}/bin/newuidmap"
'';
nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ];
buildInputs = [ libnl protobuf protobufc ];
enableParallelBuilding = true;
installPhase = ''
mkdir -p $out/bin $out/share/man/man1
install nsjail $out/bin/
install nsjail.1 $out/share/man/man1/
'';
meta = with stdenv.lib; {
description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
homepage = "http://nsjail.com/";
license = licenses.asl20;
maintainers = with maintainers; [ bosu c0bw3b ];
platforms = platforms.linux;
};
}
|