| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a new environment variable called
NIX_SANDBOX_DEBUG_INJECT_FILES. The name is intentionally very long so
that people hopefully *only* use it for debugging.
What this does is to just bind-mount the given source file to a given
destination file in the chroot.
For example:
NIX_SANDBOX_DEBUG_INJECT_FILES=/foo/bar=/bar/foo somethingSandboxed
The file /foo/bar outside of the sandbox will be bind-mounted to
/bar/foo within the sandbox. Several files can be separated via colon.
Of course the most interesting use case here (and the reason for this
feature) is that we can overlay files in the Nix store without the need
to rebuild anything, so we can quickly patch specific files.
In my case I'm using this so I can use radare2 to patch the assembly of
some binaries quickly for debugging/reverse engineering.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I now experienced the crash for the second time whenever my machine
starts swapping. The details about the crash(es) and the corresponding
fix can be found at:
https://bugs.chromium.org/p/chromium/issues/detail?id=822360
When the patch lands in mainline and stable, we can revert this very
commit.
Signed-off-by: aszlig <aszlig@nix.build>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@402ee4e9eaf08a697672718cd502067c726a7c73, mpv by
itself no longer has a script argument but there is now
"mpv-with-scripts", which boils down to something similar.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Profpatsch, @sternenseemann
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream fixes since 1.3.23:
1.3.24 (10 July 2018):
* Players stuck on "Connecting to online services..." screen
* Crystalarium item swap exploit
* Furniture can be used to complete bundles
* Milk requirements for certain cooking recipes (now can accept either
Milk or Large Milk)
* Summer weather forecast bug
* Furniture duplication bug
* Long tool use animation bug
* Warp tile player & shadow animation bug
* "Cloud Country" not being added to the jukebox if you create a game
via the co-op menu
* Cooking food in the kitchen using ingredients from the wrong fridge
* Item debris duplication bug
1.3.25 (16 July 2018):
* Experimental network usage optimizations
* Infinite ingredient use exploit when cooking in the kitchen
* NPC marriage dialogue appearing for non-spouse players
* Lack of experience gained for harvesting crops with the scythe
* Inability to cancel moving a building
* Game occasionally locking up on a black screen at 2am
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was the whole reason why I implemented the monogame-patcher even
though it is very useful for other games as well.
So the main issue why patching was needed is that the game writes its
savegames into the same directories as other assets, so we need to be
very careful about which method we patch and how in order to avoid
failures to load other assets rather than savegames.
However while in principle the game runs fine there is a Heisenbug
hidden, so it segfaults whenever strace is not used. Here is the
backtrace:
#0 0x0000000000f973be in ?? ()
#1 0x0000000000f8f444 in ?? ()
#2 0x0000000000f2379b in ?? ()
#3 0x0000000000f2940b in ?? ()
#4 0x0000000000f1fa87 in ?? ()
#5 0x00000000008e8cc8 in ?? ()
#6 0x00007ffff79bc5a7 in start_thread () from libpthread.so.0
#7 0x00007ffff61cf22f in clone () from libc.so.6
Disassembly around 0xf973be:
f973a2: 45 0f b6 4f 02 movzbl 0x2(%r15),%r9d
f973a7: ba 04 00 00 00 mov $0x4,%edx
f973ac: 41 80 f9 02 cmp $0x2,%r9b
f973b0: 74 05 je f973b7
f973b2: 41 0f b6 57 03 movzbl 0x3(%r15),%edx
f973b7: 48 8b 40 30 mov 0x30(%rax),%rax
f973bb: 83 f9 1b cmp $0x1b,%ecx
>f973be: 8b 40 08 mov 0x8(%rax),%eax
f973c1: 89 44 24 58 mov %eax,0x58(%rsp)
f973c5: 0f 86 6d 01 00 00 jbe f97538
f973cb: c6 44 24 5f 00 movb $0x0,0x5f(%rsp)
f973d0: 45 31 ff xor %r15d,%r15d
f973d3: 89 54 24 28 mov %edx,0x28(%rsp)
f973d7: 89 74 24 20 mov %esi,0x20(%rsp)
f973db: 44 88 44 24 18 mov %r8b,0x18(%rsp)
f973e0: 44 88 4c 24 30 mov %r9b,0x30(%rsp)
f973e5: e8 16 fa 92 ff callq 8c6e00
The last callq is for <operator new(unsigned long)@@Base+0x27c9d0>, so
I'd suppose this might be a bug in the patched Mono version of Unity but
could also be a chain reaction (who knows).
Probably the reason why it works with strace might be a race condition,
but I haven't thoroughly debugged this. Especially if there are no
symbols available it's very hard to debug, so I'll leave that to some
day in the future.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far we only matched a substring of a type, which isn't very exact of
course. We also weren't able to specify the method to patch.
Now the methods that are being patched can be specified by using
Type::Method. If it's just Type without a method all the methods of the
type and its subtypes are patched.
I also added a small check to make sure that all of these methods were
found, and if not an error is thrown.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
If there is a command line usage error, we really don't want the program
to return exit status 0 (success), so let's actually set the return
value on WithParsed().
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
We really want to make sure that things were actually patched, so just
silently skipping everything is not an option.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
If we want to replace a call with one that's not in a module which is
currently referenced by the target file we now have another command line
flag for replace-call (-a) where we can specify the additional DLL file.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
While there won't be any .git directories within ./src, I still create
Vim swap files all the time when editing stuff. So let's make sure that
those swap files are not included in the src input of the derivation.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default the assemblies are searched in the current working directory,
but when patching an assembly in some other directory than the current
the patcher will fail to resolve assemblies residing beneath the target
file.
So we just add the directory of the target file to the search path.
I also moved all of the assemblies in the test to be in a subdir so we
can verify that this indeed works and we won't regress in the future.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the command is not executed inside a terminal the value of
Console.WindowWidth is 0 and thus we will get an exception from
CommandLineParser:
Unhandled Exception:
System.ArgumentOutOfRangeException: Length cannot be less than zero.
Parameter name: length
at System.String.Substring ...
at CommandLine.Text.HelpText.AddOption ...
...
So let's initialize the parser with settings and if WindowWidth is 0 we
just add 80 as the width.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using an IEnumerable for the search and replace arguments isn't really a
very good idea, because it makes command line usage very annoying and
messes up the usage description.
I originally made this an IEnumerable because I wanted to have a way to
specify multiple replacements, but we can simply run the patcher twice
or more times.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far we have searched for methods in two steps: First get all the
types and then find all of the constructors or method definitions.
The match for the actual method definition was done first for the type
and then again for the full definition of the method/constructor.
For the replace-call subcommand this also means that we don't have a
very good way to find the type, because if we wanted to keep doing this
in two steps we would need to parse the type name out of the one given
as the replacement string in replace-call.
So now we recurse through *all* the constructors and methods and do a
full match against the specified replacement string, both for
replace-call and for fix-filestreams.
Compared to the implementation so far we also do this just once instead
of every time we find a call or FileStream constructor.
I also overhauled the way we do testing, because in the end writing
tests using NUnit would introduce a lot of code churn because we need to
make a lot of external calls. The shell is especially useful for exactly
that and our tests are now just a plain shell script.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mainly this is so we can prepare for running unit tests, so we get the
latest version of NUnit and run the console test runner.
Currently there is only a dummy test which always succeeds, but it's
there so that we can fill out the boilerplate later.
I also moved the option definitions into a separate file so they don't
clutter up the main file.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I really would have preferred a simple Makefile, but with that we can't
use buildDotnetPackage and we also need to take care of butchering the
dependencies manually.
So I moved everything to src/ and added a csproj file to clean up most
of the cruft and just use buildDotnetPackage with minimal attributes.
In addition to that I also added assembly info, so that the command line
help will show the proper author name, copyright, yaddayadda...
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's a very early version which I did for a Unity3d game and it
*desperately* needs a cleanup.
An example command line:
monogame-patcher replace-call -i Assembly-CSharp.dll \
'System.String UnityEngine.Application::get_dataPath()' \
'System.String UnityEngine.Application::get_persistentDataPath()' \
IniParser SaveMeta
Right now the replace-call subcommand has UnityEngine.Application
hardcoded, so this won't work for other types than
UnityEngine.Application.
However, I'm going to refactor the whole patcher very soon and add some
tests, so this whole mess will be cleaned up.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patcher using Cecil is now in its own derivation and can thus be
easily added via nativeBuildInputs. Patching FileStream types is so
common that it comes in handy for other games using Mono.
I also improved the patcher a little bit so it accepts command line
arguments and it's easier to add the types that needed to be patched
directly via command line arguments.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
| |
This is a really good GraphViz viewer and since I need to do some GV
this integrates nicely with my workflow.
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
Most of these machines have limited RAM and come to a crawl whenever
swap space needs to be used.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
The zswap module is essentially what I had here, so let's just use that
instead.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Even though these options are rather opinionated rather than generally
useful, it makes sense to have an option for that because I'm going to
use it for my managed machines as well.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
| |
The Ransome Unbeeped DLC doesn't have a data/noarch/support directory
which we need for the icon so we need to change the unpack root to
data/noarch. This shouldn't make the unpacking phase that much longer
because the only additional files that get unpacked are small scripts
and docs.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With fetchHumbleBundle finally being able to fetch the game with my
account, I think it's time to update the Nix expression. :-)
The game's binary is basically nothing more than just a wrapped Mono, so
we can use directly Mono from <nixpkgs> instead of patching the wrapper.
I also stubbed out the symbols for libsteam_api.so, which might be a
good idea to provide for other games as well but in a more generic way.
Another thing that was needed solely because of my stubbornness was to
patch out the system() libc library call in libfmodex.so, because I
didn't want to add /bin/sh to the sandbox.
So in summary: The new expression now is sandboxed, doesn't use the
wrapper anymore and also has a desktop entry :-)
Unfortunately I haven't found a changelog online to see what has changed
between the 20120620 and 20161016.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @layus
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Every HumbleBundle purchase has a list of subproducts and those have
so-called 'machine_name' attributes which are unique. However in our
fetcher we used the 'human_name' as a unique key, which isn't really
unique and in case of bastion the soundtrack subproduct is has the
human_name "Bastion" and the actual game has the *same* name as well.
Using the machine_name as the unique key now solves the problem that
certain games couldn't be found if you for example also have the
soundtrack.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since kernel 4.18 contains the zstd compression module in the crypto
API, it really makes sense to use that instead of the default (lzo) as
it seems to have lower CPU usage with higher compression ratios.
Another change I've made is to use z3fold for the pooling, so that 3
pages are cramped into one page of the pool. I did also have a look at
zsmalloc, but it seems to come with the cost of additional CPU usage.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes changes for upstream release 1.0.1834 and 1.0.1839.
New & Changed Features for version 1.0.1839:
* Two changes were made to data saved for NG+ after completing the
game:
* Level 2 upgrades (Super Upgrade points) are undone and the
upgrade points are refunded. This allows the player to choose
different Level 2 upgrades when starting the NG+ game.
* Ammo, missile, and upgrade counts will only be updated if they
are better than the values saved from the player's previous
run(s).
* Updated Rewired input manager, providing support for 3Dconnexion
devices such as Space Mouse, Space Explorer, Space Navigator, etc.
Fixes for version 1.0.1839:
* Fixed the problem with user levels not working on Linux.
* NG+ now works add-on missions.
* Add-on levels are ignored if they have the same name as an existing
level.
* The correct ending is now played for Cronus NG+.
* Fixed survivor pickup error when there was no story text (which
could happen in an add-on level).
* Removed anti-cheat detector warning messages that in certain cases
caused performance issues.
* Fix Save/Load issue with Flak range finder.
* Player is no longer warned about skipping upgrades if all upgrades
have been applied.
* Fixed the orange sky in Phoebe Complex.
* Fixed the flickering light at the start of Level 6.
* Fixed problem of upgrades disappearing in add-on missions.
New & Changed Features for version 1.0.1834:
* Added 17 new cheat codes (total is now 20). We'll probably do
something like announce one new code each day in Discord.
* Pause menu and end level menu shows 'Cheater' if cheat code used.
* Added Valkyrie to some CM levels, and added Phantom to more CM
levels.
* Made [Backspace] act like [Delete] on Mac.
* Post-level and post-mission results show times in line with the
speedrun timer.
* Added stars in the sky in 4 CM levels, 3 MP levels, and 5 SP levels.
Fixes for version 1.0.1834:
* Fixed an issue in NG+ with reactors doubling their health after each
save/load.
* Fixed an issue with doors getting erroneously locked after
save/load.
* Fixed a mixup with black/grey decals.
* Fixed missing boss music in NG+ level 15.
* Fixed issue with 'last' weapon available in CM not being randomly
chosen.
* Fixed Vortex and Lancer (and Timebomb in some situations) not
spawning in CM.
* Fixed an issue with not dying in certain situations on Linux in
non-English after loading a saved game.
* Fixed invisible weapons in MP
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The latest master version has a few fixes for World of Xeen:
* Split the Adlib sound driver into it's own file
* Add detection entries for Clouds/Darkside/World of Xeen GOG German
* Fix crash using mirrors in standalone Clouds of Xeen
* Properly handle SFX & Music volume control
* Call audio cd manager open/close in engine init/deinit
* Fix using mouse click to close message dialogs
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
| |
Two of the applications I use (gpodder and gajim) use Gtk and the
default Adwaita theme is rather blinding me, especially at night.
So let's set the GTK_THEME environment variable globally.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream fixes:
* Prismatic shard drop rates don't increase when players hit the
bottom of the mine
* Farmhands warped to the wrong version of Marnie's house after
purchasing animals
* Crash when player/player child is born and one of the parents is
offline
* Multiple spouses standing in same space on farm
* Using a weapon after eating nullifies the food effects
* Walk around (instead of through) Pam when getting on the bus
* Toddlers not moving inside cabins
* Stop fly buzzing sound when it dies
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This packages "Return to the Roots" along with the game data fetched
from GOG. So basically it's RTTR with a "RTTR_GAMEDIR" set to the files
extracted from the GOG version.
In reality it's a bit more involved as we need to patch a few things and
also make sure that the sounds are built via Nix rather to be generated
at runtime.
The RTTR standard procedure would be to just install RTTR and you put
your game data somewhere in /usr/share (or any other place you've
configured) and on first startup it's generating the SOUND.LST file.
We want all the games in Vuizvui to be completely dispensible so that
the persistent files are *only* in $XDG_DATA_HOME/settlers2, so I've
made sure that everything is baked in at *build* time instead.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far in the games namespace we have just used the callPackage_i686
function from <nixpkgs> instead of our augmented set.
If we just use packages that are available in <nixpkgs> everything is
fine, but as soon as we want to use one of our own packages for
i686-linux we can't simply do that.
One example is the override in the gog.albion derivation which just uses
buildSandbox from the main pkgs attribute set.
We now properly pass through the whole pkgsi686Linux set to the games
namespace, so we can drop that hack for Albion.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
The attribute linuxPackages_copperhead_stable has been removed in
NixOS/nixpkgs@ddce094ddf456434e15a7af315be1f6de4136fd7 because it's
unmaintained.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Finally the version is in par with the Steam version.
Here are the fixes since 1.3.18:
1.3.19 (14 June 2018):
* Client crashing when joining game due to null quest
* Beach Bridge not updating for other players when one repairs it
* Controls locking up inside fishing tent
* Loss of 'Dating' friendship status when upgrading from 1.2 to 1.3
* Wedding ring not appearing in crafting list in smapi
* deepestMineLevel stat only updating when they go deeper then any
other player
* Seasonal tileset / smapi compatibility issue
* Farmhands unable to enter pierre's on Wednesday after Community
center completion
* Rain totems not working in multiplayer
* No blue chickens in mulitplayer
* Gus walking through walls in Community Center
* Some animations playing at double speed inside buildings
* Pam disappearing (potential fix)
1.3.20 (19 June 2018):
* Fish splash points not properly syncing
* Missing elevator dings for clients
* Objects broken by weapons breaking twice when there is latency
* Glitched chest object in inventory UI
* Horse missing sounds/animation for clients
* Crash when trying to display dialogue for NPCs without any dialogue
left
* Players hidden from view when local player uses a return scepter
* All players teleported when return scepter used
* Structures can be placed where players would get stuck exiting them
* Allow players to walk out of resources (stumps/rocks) if they become
stuck inside
* Grandpa's candles not lighting
* Freeze up when all players are not in bed at 2am
* Farmhands not seeing giant mushroom trees until they relog
* Translation fixes
* Door/footstep sounds can be heard mapwide
* Item duplication if farmhands login while their inventory is open
* Stamina resetting to max when you leave/rejoin
* Trash items respawning when player travels to a different location
* Crash after blowing up a rock crab
* Fishing treasure chest causing a new cast
* Filled chests breaking when they're next to an empty chest
1.3.21 (21 June 2018):
* Animal sounds playing outside of map
* Player icons overlapping on the map page
* Fishing rod casting temp sprites during the fall mini game
* Unsynced exhausted state and passing out
* Remote characters not blinking
* Grubs invincible to host while retreating
* Floating lamp sprite in mines
* Secret notes fished up spawning without a note number
* Beer sprite overlapped by counter in Clint 3 heart event
* Secret note #4 description fix
1.3.22 (3 July 2018):
* Crash after 596 hours of gameplay
* Mistranslated Chinese co-op button on main menu
* Divorced status not carried over from 1.2 saves
* Post-6pm animal mood drain
* Animal happiness overflowing
* Spa not regenerating stamina when a menu is open in multiplayer
* Second player-player parent pregnancy causing crashes
* Farmhands able to retrieve last item shipped after it has been sold
* Lighting detaching from sources when upgrading house
* Players losing cursor slot items when they become disconnected while
managing inventory
* Farmhands unable to enter tower if they join after CC is completed
* Armored bugs not invincible
* Wrong fish appearing in fishing minigame tent
* Slingshot minigame crash
* Broken skull cavern level 100 event in Russian
* Cave carrot quest crash
* Buffs not clearing when farmhands log out
* Farmhands can't open chest in Junimo huts
* Goblin problem quest still in log for other players after goblin is
removed
* New songs on Jukebox show wrong names
* Duplicate songs on Jukebox
I haven't extensively tested this, only loaded a savegame and walked
around a bit. However the changes are only fixes and there aren't any
changes that would be relevant for our packaging.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
| |
This reverts commit 21118154c9a5c94ae701f88ac20743e8c3c2d539.
|
|
|
|
|
| |
Introduced in #42798. The usage of `users.extraGroups` is apparently
deprecated and has been replaced with `users.groups`.
|
|
|
|
|
|
|
|
| |
The users.extraUsers has been renamed a long time ago, so let's switch
to the new option.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @sternenseemann
|
|
|
|
|
|
|
|
| |
I'm going to use the sandboxing implementation as the basis for
something else where I'm going to do additional mounts on top of the
existing ones. This is just to make it easier to find the mount target.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using MS_BIND the mount flags aren't actually applied, so we need
to remount the bind mount with the flags we wanted if additional flags
are desired for the mount.
I've also removed the MS_NOATIME, because this doesn't work for kernel
4.14 (returns -EPERM) and it's really not necessary to change the atime
flags for our bind mounts.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While the Nix store should be read-only by default, we can't guarantee
this as the Nix store could be mounted read-write (for example on
non-NixOS systems).
For paths other than store directories, I took a conservative approach
here where only /etc is mounted read-only, for all the pseudo-
filesystems such as /proc, /sys or /dev write access might still be
needed, for example to write to a hardware device exposed via /dev (eg.
a gamepad with rumble support).
Signed-off-by: aszlig <aszlig@nix.build>
|