author | aszlig <aszlig@nix.build> | 2019-03-23 21:13:38 +0100 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2019-03-23 21:13:38 +0100 |
commit | d90a7cf68d5cd5b625756ff258f3c99754d6880d (patch) | |
tree | 442d45ce791e9d5ca6f184b3a3d42de20f71a9a9 /pkgs/build-support/build-sandbox/src | |
parent | 3f2496cd7299bfe54a787cde4aec42b84494a7d6 (diff) |
sandbox: Add an option to set up /bin/sh
So far I mostly used this implementation for the games we have packaged, where we pretty much patch out all commands that execute external programs. However, in order to be useful in a more generic way, it makes sense to provide a /bin/sh implementation, especially when you have to deal with scripting languages. I'm using dash here, because it's a more minimal implementation than the default shell (bash) we use in nixpkgs and it practically only needs to be able to run constructs like "/bin/sh -c foo". Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'pkgs/build-support/build-sandbox/src')
-rw-r--r-- | pkgs/build-support/build-sandbox/src/Makefile | 3 | ||||
-rw-r--r-- | pkgs/build-support/build-sandbox/src/setup.c | 20 |
2 files changed, 23 insertions, 0 deletions
diff --git a/pkgs/build-support/build-sandbox/src/Makefile b/pkgs/build-support/build-sandbox/src/Makefile
index a5b9b32d..e18ec9d4 100644
--- a/pkgs/build-support/build-sandbox/src/Makefile
+++ b/pkgs/build-support/build-sandbox/src/Makefile
@@ -8,6 +8,9 @@ NIX_VERSION = `pkg-config --modversion nix-main | \
 OBJECTS = nix-query.o path-cache.o params.o setup.o
 CFLAGS = -g -Wall -std=gnu11 -DFS_ROOT_DIR=\"$(out)\"
+ifdef BINSH_EXECUTABLE
+CFLAGS += -DBINSH_EXECUTABLE=\"$(BINSH_EXECUTABLE)\"
+endif
 CXXFLAGS = -g -Wall -std=c++14 `pkg-config --cflags nix-main`
 CXXFLAGS += -DNIX_VERSION=$(NIX_VERSION)
 LDFLAGS = -Wl,--copy-dt-needed-entries `pkg-config --libs nix-main`
diff --git a/pkgs/build-support/build-sandbox/src/setup.c b/pkgs/build-support/build-sandbox/src/setup.c
index cf73d3e8..feafd6f6 100644
--- a/pkgs/build-support/build-sandbox/src/setup.c
+++ b/pkgs/build-support/build-sandbox/src/setup.c
@@ -589,6 +589,21 @@ static bool setup_xauthority(void)
 return result;
 }
+#ifdef BINSH_EXECUTABLE
+static bool setup_binsh(const char *executable)
+{
+ if (!makedirs(FS_ROOT_DIR "/bin", false))
+ return false;
+
+ if (symlink(executable, FS_ROOT_DIR "/bin/sh") == -1) {
+ fprintf(stderr, "creating symlink from %s to %s: %s\n",
+ executable, FS_ROOT_DIR "/bin/sh", strerror(errno));
+ return false;
+ }
+ return true;
+}
+#endif
+
 static bool is_dir(const char *path)
 {
 struct stat sb;
@@ -779,6 +794,11 @@ static bool setup_chroot(void)
 if (!setup_runtime_debug())
 return false;
+#ifdef BINSH_EXECUTABLE
+ if (!setup_binsh(BINSH_EXECUTABLE))
+ return false;
+#endif
+
 if (chroot(FS_ROOT_DIR) == -1) {
 perror("chroot");
 return false; |
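Review bot: In `setup_binsh` the `symlink()` call fails with EEXIST whenever `FS_ROOT_DIR "/bin/sh"` already exists, and the function then aborts the whole sandbox setup. If the root directory can be reused, or an earlier step can populate `/bin` (not visible in this hunk), an existing link with the same target should count as success; otherwise a comment should state that the root is always fresh at this point. Nothing here checks that `executable` resolves inside the chroot, so a shell whose store path or closure is not mounted would leave a dangling `/bin/sh` that only fails later at exec time. A header comment such as `/* Link /bin/sh in the sandbox root to the build-time shell; the target must be mounted inside the sandbox. */` would record that requirement.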
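Review bot: The new `setup_binsh(BINSH_EXECUTABLE)` call in `setup_chroot` changes what sandboxed programs can do, and the call site carries no comment saying so. With a working `/bin/sh`, anything in the sandbox can run `sh -c`, so confinement has to come from the mount and namespace setup rather than from external commands being patched out, as the commit message describes for the earlier use case. I would add `/* Optional /bin/sh for sandboxed programs; isolation must not depend on a shell being absent. */` above the `#ifdef`. The body of `setup_chroot` starts and ends outside the hunk, so whether the steps before this call already make the shell's store path visible cannot be confirmed from here.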