|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've already pointed out in the previous commit that using /tmp for the
root directory isn't a very good idea, mainly because we can't access
sockets from /tmp (eg. the X server sockets).
So what we're now doing is using the store path that contains the
sandbox wrappers, because that very path won't be mounted into the
sandbox anyway, so we get a free directory just as an entry point.
This has the main advantage that we don't need to create any temporary
directories which we later need to clean up nor do we need to assume
that some paths might exist in the system. For example if we'd use /usr
we still have /usr/bin/env on NixOS, but if that's going to go away in
the future or we are on a distro that doesn't have it at all, the
sandbox setup will fail.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|