| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far creating the sandbox has been a setup hook, however it's a bit
ugly how we gathered the needed paths for the chroot file system by
recursively searching for store paths.
While I'd like to have the sandbox being built within the main
derivation, it really isn't very practical when the build takes longer
than 10 minutes.
With this implementation however the sandbox builds really fast and we
can also modify the sandbox without needing to rebuild a particular
game.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is basically to make sure various games can't write to whatever
they want in the file system, so it's not a complete sandboxing
solution.
Currently there's a drawback in that we can't easily determine the
runtime dependencies while building a particular game, so we need to
recursively dig through all referenced store paths to look them up.
A better solution for this would be to gather the build time reference
graph prior to building so that we can limit searching for these
references within only the actual build outputs instead of churning
through all inputs.
In addition to that, we currently mount the namespaced root file system
on top of /tmp, which makes the real /tmp unavailable to us. While in
theory this shouldn't be a problem, it actually turns out it is indeed a
problem if the application wants to connect to the X server socket,
which is at something like /tmp/.X11-unix/X0 for display :0.
Apart from these drawbacks we have a working solution for simple
applications (not games, because they usually require X), which now get
its own chroot with only the paths accessible that are strictly
necessary.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
This allows us to add libraries to the RPATH despite being required by
the respective game. By default there is only PulseAudio at the moment.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
The main functionality for this function is to gather missing
dependencies in ELF executables and shared libraries and using patchelf
to set the right RPATH.
All of the dependencies are searched based on what we have in one of the
buildInputs variables, so all we need to do is list them in there.
One thing that's still left to solve is adding libraries to the RPATH
which are only required at runtime. An example for this would be the
pulseaudio library.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|