authorEelco Dolstra <edolstra@gmail.com>2019-05-03T08·44+0200
committerEelco Dolstra <edolstra@gmail.com>2019-05-03T08·48+0200
commitf9a2ea44867cd1dbb408bca4df0ced806137b7f7 (patch)
treef0dcb7d07f3006fbebd7ea0ce30a7783423bd329 /src
parent989cb3777753024072160776ea37348689b89d44 (diff)
Fix "Bad system call" running i686-linux binaries on x86_64-linux
To determine which seccomp filters to install, we were incorrectly
using settings.thisSystem, which doesn't denote the actual system when
--system is used.

Fixes #2791.
Diffstat (limited to 'src')
-rw-r--r--src/libstore/build.cc8
-rw-r--r--src/libutil/util.cc3
-rw-r--r--src/libutil/util.hh4
3 files changed, 11 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index dbadfacd51..91eb97dfb8 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2510,17 +2510,17 @@ void setupSeccomp()
         seccomp_release(ctx);
     });
 
-    if (settings.thisSystem == "x86_64-linux" &&
+    if (nativeSystem == "x86_64-linux" &&
         seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
         throw SysError("unable to add 32-bit seccomp architecture");
 
-    if (settings.thisSystem == "x86_64-linux" &&
+    if (nativeSystem == "x86_64-linux" &&
         seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
         throw SysError("unable to add X32 seccomp architecture");
 
-    if (settings.thisSystem == "aarch64-linux" &&
+    if (nativeSystem == "aarch64-linux" &&
         seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
-        printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
+        printError("unable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes");
 
     /* Prevent builders from creating setuid/setgid binaries. */
     for (int perm : { S_ISUID, S_ISGID }) {
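Review bot: The aarch64 branch still only calls printError when `seccomp_arch_add(ctx, SCMP_ARCH_ARM)` fails, while both x86_64 branches throw SysError, and nothing in the hunk records why the two cases differ. If the softer handling is deliberate, a comment above that branch would say so, for example `/* Not fatal: without the ARM arch, 32-bit ARM builders fail rather than run unfiltered. */`. That wording assumes the filter's bad-architecture action denies the call, as the "Bad system call" symptom in the commit message suggests; it is set outside this hunk and worth confirming, because the setuid/setgid rules that follow only cover architectures present in the filter. setupSeccomp begins and ends outside the hunk.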
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index e3dcd246c6..a717056653 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -38,6 +38,9 @@ extern char * * environ;
 namespace nix {
 
 
+const std::string nativeSystem = SYSTEM;
+
+
 BaseError & BaseError::addPrefix(const FormatOrString & fs)
 {
     prefix_ = fs.s + prefix_;
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index 9f239bff37..54936a5cb1 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -30,6 +30,10 @@ struct Sink;
 struct Source;
 
 
+/* The system for which Nix is compiled. */
+extern const std::string nativeSystem;
+
+
 /* Return an environment variable. */
 string getEnv(const string & key, const string & def = "");
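Review bot: The comment on `nativeSystem` does not say how it differs from `settings.thisSystem`, which is exactly the confusion this commit fixes in setupSeccomp. I would expand it to something like `/* The system Nix was compiled for (the SYSTEM build macro). Unlike settings.thisSystem, --system does not change it; use it for decisions about the running machine, such as seccomp architectures. */`. That keeps a later caller from switching back to the overridable setting when building a sandbox filter.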