about summary refs log tree commit diff
path: root/src/libstore/build.cc
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2019-07-13T15·08+0200
committerGitHub <noreply@github.com>2019-07-13T15·08+0200
commit2f853b20df9e44d637292bc02e32665f6d036568 (patch)
treea2af61b16fa1c9d6ad5942571a2cd344d93947ee /src/libstore/build.cc
parent53247d6b116905e7233b1efd6c14845e20d27442 (diff)
parentec0087df0a2da5c68363b3f4509d4545deed97a0 (diff)
Merge pull request #2975 from matthewbauer/fix-nsswitch-issue
Don’t use entire /etc/nsswitch.conf file
Diffstat (limited to 'src/libstore/build.cc')
-rw-r--r--src/libstore/build.cc8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 350ac4092854..cf6428e12467 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2734,7 +2734,13 @@ void DerivationGoal::runChild()
                on. */
             if (fixedOutput) {
                 ss.push_back("/etc/resolv.conf");
-                ss.push_back("/etc/nsswitch.conf");
+
+                // Only use nss functions to resolve hosts and
+                // services. Don’t use it for anything else that may
+                // be configured for this system. This limits the
+                // potential impurities introduced in fixed outputs.
+                writeFile(chrootRootDir + "/etc/nsswitch.conf", "hosts: files dns\nservices: files\n");
+
                 ss.push_back("/etc/services");
                 ss.push_back("/etc/hosts");
                 if (pathExists("/var/run/nscd/socket"))