diff options
| author | John Ericson <John.Ericson@Obsidian.Systems> | 2023-07-13 13:17:17 -0400 |
|---|---|---|
| committer | John Ericson <John.Ericson@Obsidian.Systems> | 2023-07-14 09:40:24 -0400 |
| commit | 0f7242ff8712939e64f049dc8e14663d2b3e3585 (patch) | |
| tree | 07586e44add816ae3444b68f99c5f3878a20d29f /src | |
| parent | 6d9f1a8dccacc9624aa7c48733e901837e8183a8 (diff) | |
Test nested sandboxing, and make nicer error
We were bedeviled by sandboxing issues when working on the layered
store. The problem ended up being that when we have nested nix builds,
and the inner store is inside the build dir (e.g. store is
`/build/nix-test/$name/store`, build dir is `/build`) bind mounts
clobber each other and store paths cannot be found.
After thoroughly cleaning up `local-derivation-goal.cc`, we might be
able to make that work. But that is a lot of work. For now, we just fail
earlier with a proper error message.
Finally, test this: nested sandboxing without the problematic store dir
should work, and with should fail with the expected error message.
Co-authored-by: Dylan Green <67574902+cidkidnix@users.noreply.github.com>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstore/build/local-derivation-goal.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc index ee66ee500..e22a522a2 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc @@ -594,6 +594,10 @@ void LocalDerivationGoal::startBuilder() else dirsInChroot[i.substr(0, p)] = {i.substr(p + 1), optional}; } + if (hasPrefix(worker.store.storeDir, tmpDirInSandbox)) + { + throw Error("`sandbox-build-dir` must not contain the storeDir"); + } dirsInChroot[tmpDirInSandbox] = tmpDir; /* Add the closure of store paths to the chroot. */ |