author | Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com> | 2023-02-21 09:39:10 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-21 09:39:10 +0100 |
commit | 532c70f531a0b61eb0ad506497209e302b8250f3 (patch) | |
tree | eb096bac5c2fd2d31a447b22ac08a59a51b64a4f | |
parent | 5510daf132db87c211d41ec91e24a837ad6e42cf (diff) | |
parent | bbba49b3e42fb4bacd9b253f41291dc381ba10db (diff) |
Merge pull request #7856 from yorickvP/fix-nsswitch
Wait with making /etc unwritable until after build env setup
-rw-r--r-- | src/libstore/build/local-derivation-goal.cc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc index 7b125f5d2..a961d8eed 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc @@ -971,10 +971,6 @@ void LocalDerivationGoal::startBuilder() "nobody:x:65534:65534:Nobody:/:/noshell\n", sandboxUid(), sandboxGid(), settings.sandboxBuildDir)); - /* Make /etc unwritable */ - if (!parsedDrv->useUidRange()) - chmod_(chrootRootDir + "/etc", 0555); - /* Save the mount- and user namespace of the child. We have to do this *before* the child does a chroot. */ sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY); @@ -1855,6 +1851,10 @@ void LocalDerivationGoal::runChild() } } + /* Make /etc unwritable */ + if (!parsedDrv->useUidRange()) + chmod_(chrootRootDir + "/etc", 0555); + /* Unshare this mount namespace. This is necessary because pivot_root() below changes the root of the mount namespace. This means that the call to setns() in |
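Review bot: The relocated `/* Make /etc unwritable */` comment in runChild() says what the chmod does but not why it has to sit at this exact point, so the hardening now depends on statement order that nothing documents. Going by the commit title, it has to follow whatever build-environment setup still writes into the chroot's /etc, and because `chrootRootDir + "/etc"` is a path in the outer root it presumably also has to stay ahead of the pivot_root() mentioned in the comment that follows. I would spell that out, e.g. `/* Make /etc unwritable. Must run after the last write into chrootRootDir/etc and before pivot_root(), after which this path no longer names the chroot's /etc. */`, and add a clause on why the `useUidRange()` case is exempt, since in that mode /etc stays writable and the reason is not visible here. runChild() starts and ends outside the hunk, so the earlier writes into /etc could not be checked from this page.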