From 8d77ca6a9a94d4547a0abc8f27753fb7755e69cd Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 27 Sep 2017 22:27:31 +0200 Subject: pkgs/sandbox: Use own store path as root directory I've already pointed out in the previous commit that using /tmp for the root directory isn't a very good idea, mainly because we can't access sockets from /tmp (eg. the X server sockets). So what we're now doing is using the store path that contains the sandbox wrappers, because that very path won't be mounted into the sandbox anyway, so we get a free directory just as an entry point. This has the main advantage that we don't need to create any temporary directories which we later need to clean up nor do we need to assume that some paths might exist in the system. For example if we'd use /usr we still have /usr/bin/env on NixOS, but if that's going to go away in the future or we are on a distro that doesn't have it at all, the sandbox setup will fail. Signed-off-by: aszlig --- pkgs/games/build-support/build-sandbox/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/games/build-support/build-sandbox/default.nix') diff --git a/pkgs/games/build-support/build-sandbox/default.nix b/pkgs/games/build-support/build-sandbox/default.nix index 3b41e1bd..615f5358 100644 --- a/pkgs/games/build-support/build-sandbox/default.nix +++ b/pkgs/games/build-support/build-sandbox/default.nix @@ -53,6 +53,7 @@ stdenv.mkDerivation ({ -DWRAPPED_PATH=\""$bin"\" \ -DWRAPPED_PROGNAME=\""$progname"\" \ -DPARAMS_FILE=\""$(pwd)/params.c"\" \ + -DFS_ROOT_DIR=\""$out"\" \ -o "$out/bin/$progname" ${./sandbox.c} done ''; -- cgit 1.4.1