Fix using restricted mode with chroots

This commit is contained in:
Eelco Dolstra 2015-04-16 18:46:17 +02:00
parent 1e4a4a2e9f
commit 035aeb9547
4 changed files with 9 additions and 0 deletions

View File

@ -292,6 +292,11 @@ Path EvalState::checkSourcePath(const Path & path_)
if (path == i.second || isInDir(path, i.second))
return path;
/* Hack to support the chroot dependencies of corepkgs (see
corepkgs/config.nix.in). */
if (path == settings.nixPrefix && isStorePath(settings.nixPrefix))
return path;
throw RestrictedPathError(format("access to path %1% is forbidden in restricted mode") % path_);
}

View File

@ -67,6 +67,7 @@ Settings::Settings()
void Settings::processEnvironment()
{
nixPrefix = NIX_PREFIX;
nixStore = canonPath(getEnv("NIX_STORE_DIR", getEnv("NIX_STORE", NIX_STORE_DIR)));
nixDataDir = canonPath(getEnv("NIX_DATA_DIR", NIX_DATA_DIR));
nixLogDir = canonPath(getEnv("NIX_LOG_DIR", NIX_LOG_DIR));

View File

@ -42,6 +42,8 @@ struct Settings {
Path nixDataDir; /* !!! fix */
Path nixPrefix;
/* The directory where we log various operations. */
Path nixLogDir;

View File

@ -15,6 +15,7 @@ ifeq ($(OS), SunOS)
endif
libstore_CXXFLAGS = \
-DNIX_PREFIX=\"$(prefix)\" \
-DNIX_STORE_DIR=\"$(storedir)\" \
-DNIX_DATA_DIR=\"$(datadir)\" \
-DNIX_STATE_DIR=\"$(localstatedir)/nix\" \