| Commit message | Author | Age | Files | Lines |
| |
We now distinguish between paths that have to exist and paths that are
fine to skip during bind mounting.

So far we had hard failures whenever a path that needed to be mounted
didn't exist, for example something like $XDG_CONFIG_HOME/unity3d failed
whenever the directory didn't exist.

Apart from that we now have a more clean attribute structure for sandbox
parameters, which are now:

* paths.required: Created prior to bind-mounting
* paths.wanted: Skipped if it doesn't exist
* paths.runtimeVars: Extracted from PATH-like environment variables

Signed-off-by: aszlig <aszlig@nix.build>
| |
We already mount /etc, but it isn't quite enough, because it contains
files symlinked to /etc/static, which in turn is a store path so we need
to mount the closure of that path as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| |
First of all this is to bring down the amount of syscalls we're doing
but it's also useful to avoid errors when we try to mount a path over an
already mounted path.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| |
On NixOS the LD_LIBRARY_PATH looks similar to this (depending on the
configuration):

  /run/opengl-driver/lib:/run/opengl-driver-32/lib

However, we don't have these paths available within the sandbox, because
so far we've only used exportReferencesGraph to gather the runtime
dependencies after the build has succeeded.

This obviously doesn't take into account runtime dependencies from the
system itself.

We are now taking care of this by using the Nix store library to query
the requisites of all the paths that are contained inside path-like
variables (multiple paths delimited by colons) and mount them during
sandbox setup.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| |
This leaves sandbox.c with only the main() function and nothing else, so
that whenever we have a lot of binaries to generate, the compilation
time should be much lower now.

The change doesn't change anything in functionality.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
We're now using a makefile for building the sandbox and use pkg-config
to pass in the flags we need for compiling against lib(nix)store.

Right now the sandbox itself doesn't do anything different because we're
not actually using the (incomplete) code for querying the store.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|