diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2019-07-13T15·08+0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-13T15·08+0200 |
| commit | 2f853b20df9e44d637292bc02e32665f6d036568 (patch) | |
| tree | a2af61b16fa1c9d6ad5942571a2cd344d93947ee | |
| parent | 53247d6b116905e7233b1efd6c14845e20d27442 (diff) | |
| parent | ec0087df0a2da5c68363b3f4509d4545deed97a0 (diff) | |
Merge pull request #2975 from matthewbauer/fix-nsswitch-issue
Don’t use entire /etc/nsswitch.conf file
| -rw-r--r-- | src/libstore/build.cc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 350ac4092854..cf6428e12467 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -2734,7 +2734,13 @@ void DerivationGoal::runChild() on. */ if (fixedOutput) { ss.push_back("/etc/resolv.conf"); - ss.push_back("/etc/nsswitch.conf"); + + // Only use nss functions to resolve hosts and + // services. Don’t use it for anything else that may + // be configured for this system. This limits the + // potential impurities introduced in fixed outputs. + writeFile(chrootRootDir + "/etc/nsswitch.conf", "hosts: files dns\nservices: files\n"); + ss.push_back("/etc/services"); ss.push_back("/etc/hosts"); if (pathExists("/var/run/nscd/socket")) |