From 90316a0ec638e82819188647d6c0ceed339c7714 Mon Sep 17 00:00:00 2001 From: aszlig Date: Sat, 9 Jun 2018 23:19:19 +0200 Subject: pkgs/sandbox: Handle store paths that are symlinks For example the store path of libGL-1.0.0 is a symlink pointing to libglvnd-1.0.0 right now on my machine. If we have such a symlink the sandbox would just silently skip it and only mount the *resolved* path instead of creating the symlink leading to the target. Now whenever bind_mount() with the resolve argument being true is used, we create all the symlinks leading to the target path determined by realpath(). Signed-off-by: aszlig --- tests/sandbox.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'tests') diff --git a/tests/sandbox.nix b/tests/sandbox.nix index 20ae88d6..f3013b2e 100644 --- a/tests/sandbox.nix +++ b/tests/sandbox.nix @@ -18,6 +18,12 @@ systemd.services.display-manager.enable = false; environment.systemPackages = let + mkNestedLinksTo = drv: let + mkLink = name: to: pkgs.runCommand name { inherit to; } '' + ln -s "$to" "$out" + ''; + in mkLink "nested-1" (mkLink "nested-2" (mkLink "nested-3" drv)); + testPackage = pkgs.runCommand "test-sandbox" { program = '' #!${pkgs.stdenv.shell} -ex @@ -31,6 +37,16 @@ # Should fail because we can't access the host's PATH ! echo foo | grep -qF foo + # Check whether we can access files behind nested storepaths that are + # symlinks. + lfile="$(< ${mkNestedLinksTo (pkgs.writeText "target" "file")})" + test "$lfile" = file + ldir="$(< ${mkNestedLinksTo (pkgs.runCommand "target" {} '' + mkdir -p "$out" + echo dir > "$out/canary" + '')}/canary)" + test "$ldir" = dir + export PATH=/run/baz-test-sandbox/bin echo foo > /home/foo/existing/bar test ! -d /home/foo/nonexisting -- cgit 1.4.1
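Review bot: `mkNestedLinksTo` has no comment saying what it builds, and a reader has to work out from `ln -s "$to" "$out"` that each `runCommand` output is itself a symlink rather than a directory containing one. I would put `# Chain of three store paths, each one a symlink to the next, ending at drv.` above the binding. The link target is always the absolute store path in `$to`, so a relative link between store paths is not exercised by this helper; if the sandbox is meant to handle those too, a second helper would be needed. The enclosing `let` starts and ends outside the hunk.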
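Review bot: The two added checks (`test "$lfile" = file`, `test "$ldir" = dir`) only cover chains that end inside the store, so nothing here pins what happens when a store-path symlink resolves to a location outside it. The commit message says the mount target comes from realpath(), and the sandbox code is not part of this view (the diff is limited to tests), so whether such a link would pull a host path into the sandbox cannot be told from here. I would add a negative case with a link whose target is a path the sandbox is not supposed to expose, and assert that it is absent inside. Because the script runs under `-ex` and errexit ignores a status inverted with `!`, the assertion should be written as `if test -e "$link"; then exit 1; fi` rather than `! test -e "$link"`. The surrounding `program` string starts and ends outside the hunk.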