author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-04-16T16·46+0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-04-16T16·46+0200 |
commit | 035aeb9547d4a33fe9037bc86f2ceeb9cbcf847b (patch) | |
tree | 73504e4ccbae4cc115c0148a25d7c7adaf774499 | |
parent | 1e4a4a2e9fc382f47f58b448f3ee034cdd28218a (diff) |
Fix using restricted mode with chroots
-rw-r--r-- | src/libexpr/eval.cc | 5 | ||||
-rw-r--r-- | src/libstore/globals.cc | 1 | ||||
-rw-r--r-- | src/libstore/globals.hh | 2 | ||||
-rw-r--r-- | src/libstore/local.mk | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index d8a4193a8e64..301f991b7ab9 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -292,6 +292,11 @@ Path EvalState::checkSourcePath(const Path & path_)
 if (path == i.second || isInDir(path, i.second))
 return path;
+ /* Hack to support the chroot dependencies of corepkgs (see
+ corepkgs/config.nix.in). */
+ if (path == settings.nixPrefix && isStorePath(settings.nixPrefix))
+ return path;
+
 throw RestrictedPathError(format("access to path ‘%1%’ is forbidden in restricted mode") % path_);
 }
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 143260674d8c..d5615d93c7d0 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -67,6 +67,7 @@ Settings::Settings()
 void Settings::processEnvironment()
 {
+ nixPrefix = NIX_PREFIX;
 nixStore = canonPath(getEnv("NIX_STORE_DIR", getEnv("NIX_STORE", NIX_STORE_DIR)));
 nixDataDir = canonPath(getEnv("NIX_DATA_DIR", NIX_DATA_DIR));
 nixLogDir = canonPath(getEnv("NIX_LOG_DIR", NIX_LOG_DIR));
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 7add7cf7c523..60b11afe6088 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -42,6 +42,8 @@ struct Settings {
 Path nixDataDir; /* !!! fix */
+ Path nixPrefix;
+
 /* The directory where we log various operations. */
 Path nixLogDir;
diff --git a/src/libstore/local.mk b/src/libstore/local.mk
index 78b4d0fd4b94..771c06753a65 100644
--- a/src/libstore/local.mk
+++ b/src/libstore/local.mk
@@ -15,6 +15,7 @@ ifeq ($(OS), SunOS)
 endif
 libstore_CXXFLAGS = \
+ -DNIX_PREFIX=\"$(prefix)\" \
 -DNIX_STORE_DIR=\"$(storedir)\" \
 -DNIX_DATA_DIR=\"$(datadir)\" \
 -DNIX_STATE_DIR=\"$(localstatedir)/nix\" \
|
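Review bot: In `src/libexpr/eval.cc`, the comment on the new exemption in `EvalState::checkSourcePath` calls it a "Hack" but does not state the property that keeps the restricted-mode allow-list narrow. The check is an exact `==` match on one path and applies only when `isStorePath(settings.nixPrefix)` holds, unlike the `isInDir` test used for search-path entries just above. If the exact match is intended, I would say so in the comment, e.g. `/* Allow exactly the install prefix, and only when it is itself a store path (chroot deps of corepkgs, see corepkgs/config.nix.in). Exact match on purpose: do not widen to isInDir(). */`, so a later edit does not silently widen the exemption. The function body starts before this hunk, so whether `path` is already canonical at this point cannot be confirmed from here.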
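Review bot: In `src/libstore/globals.cc`, `nixPrefix = NIX_PREFIX;` stores the compile-time value as-is, while every neighbouring directory in `Settings::processEnvironment` goes through `canonPath`. The value is later compared with `==` in `checkSourcePath`, so a prefix configured with a trailing slash or another non-canonical spelling would presumably never match. That fails closed, but the chroot fix would then silently not take effect. I would write `nixPrefix = canonPath(NIX_PREFIX);`. Because the value feeds the restricted-mode allow-list, it is also worth a short comment saying it is deliberately not overridable through `getEnv`, unlike the lines below it.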
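Review bot: In `src/libstore/globals.hh`, the new `Path nixPrefix;` member has no comment, although it now takes part in an access-control decision and the following member is documented. I would add something like `/* The installation prefix (compile-time NIX_PREFIX). Allowed in restricted mode when it is itself a store path; see EvalState::checkSourcePath. */` directly above it.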