author | aszlig <aszlig@nix.build> | 2019-03-23 21:13:38 +0100 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2019-03-23 21:13:38 +0100 |
commit | d90a7cf68d5cd5b625756ff258f3c99754d6880d (patch) | |
tree | 442d45ce791e9d5ca6f184b3a3d42de20f71a9a9 /pkgs/build-support/build-sandbox/src/setup.c | |
parent | 3f2496cd7299bfe54a787cde4aec42b84494a7d6 (diff) |
sandbox: Add an option to set up /bin/sh
So far I mostly used this implementation for the games we have packaged, where we pretty much patch out all commands that execute external programs. However in order to be useful in a more generic way, it makes sense to provide a /bin/sh implementation, especially when you have to deal with scripting languages. I'm using dash here, because it's a more minimal implementation than the default shell (bash) we use in nixpkgs and it practically only needs to be able to run constructs like "/bin/sh -c foo". Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'pkgs/build-support/build-sandbox/src/setup.c')
-rw-r--r-- | pkgs/build-support/build-sandbox/src/setup.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pkgs/build-support/build-sandbox/src/setup.c b/pkgs/build-support/build-sandbox/src/setup.c
index cf73d3e8..feafd6f6 100644
--- a/pkgs/build-support/build-sandbox/src/setup.c
+++ b/pkgs/build-support/build-sandbox/src/setup.c
@@ -589,6 +589,21 @@ static bool setup_xauthority(void)
 return result;
 }
 
+#ifdef BINSH_EXECUTABLE
+static bool setup_binsh(const char *executable)
+{
+ if (!makedirs(FS_ROOT_DIR "/bin", false))
+ return false;
+
+ if (symlink(executable, FS_ROOT_DIR "/bin/sh") == -1) {
+ fprintf(stderr, "creating symlink from %s to %s: %s\n",
+ executable, FS_ROOT_DIR "/bin/sh", strerror(errno));
+ return false;
+ }
+ return true;
+}
+#endif
+
 static bool is_dir(const char *path)
 {
 struct stat sb;
@@ -779,6 +794,11 @@ static bool setup_chroot(void)
 if (!setup_runtime_debug())
 return false;
 
+#ifdef BINSH_EXECUTABLE
+ if (!setup_binsh(BINSH_EXECUTABLE))
+ return false;
+#endif
+
 if (chroot(FS_ROOT_DIR) == -1) {
 perror("chroot");
 return false; |
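Review bot: setup_binsh() carries no comment saying that `executable` is stored in the link verbatim and is therefore resolved inside FS_ROOT_DIR once chroot() has run; nothing in this hunk checks that the path exists there, so a dangling /bin/sh would only surface when a sandboxed program tries to run a shell. I would add `/* Link FS_ROOT_DIR/bin/sh to executable; the target is resolved after chroot(), so it must be mounted inside the sandbox. */` above the function. The error text also reads backwards, since the link lives at /bin/sh and points to `executable`; `"creating symlink %s -> %s: %s\n"` with `FS_ROOT_DIR "/bin/sh", executable` as the first two arguments would match what symlink() attempted. symlink() also fails with EEXIST if an earlier setup step already placed bin/sh under FS_ROOT_DIR; whether that can happen is not visible from this hunk.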
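Review bot: The new call in setup_chroot() has no comment marking it as the step that makes shell execution available inside the sandbox, which widens what a sandboxed process can do compared with builds where BINSH_EXECUTABLE is undefined. A line such as `/* Opt-in: provide /bin/sh so "/bin/sh -c ..." works inside the sandbox; leave BINSH_EXECUTABLE undefined to skip this step. */` above the `#ifdef` would record that for whoever audits the sandbox later. setup_chroot() starts and ends outside this hunk, so the ordering of this call relative to the mount steps cannot be checked from here.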