author | Eelco Dolstra <edolstra@gmail.com> | 2019-05-03T08·44+0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2019-05-03T08·48+0200 |
commit | f9a2ea44867cd1dbb408bca4df0ced806137b7f7 (patch) | |
tree | f0dcb7d07f3006fbebd7ea0ce30a7783423bd329 /src | |
parent | 989cb3777753024072160776ea37348689b89d44 (diff) |
Fix "Bad system call" running i686-linux binaries on x86_64-linux
To determine which seccomp filters to install, we were incorrectly using settings.thisSystem, which doesn't denote the actual system when --system is used. Fixes #2791.
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/build.cc | 8 | ||||
-rw-r--r-- | src/libutil/util.cc | 3 | ||||
-rw-r--r-- | src/libutil/util.hh | 4 |
3 files changed, 11 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index dbadfacd51ef..91eb97dfb873 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2510,17 +2510,17 @@ void setupSeccomp()
 seccomp_release(ctx);
 });
- if (settings.thisSystem == "x86_64-linux" &&
+ if (nativeSystem == "x86_64-linux" &&
 seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
 throw SysError("unable to add 32-bit seccomp architecture");
- if (settings.thisSystem == "x86_64-linux" &&
+ if (nativeSystem == "x86_64-linux" &&
 seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
 throw SysError("unable to add X32 seccomp architecture");
- if (settings.thisSystem == "aarch64-linux" &&
+ if (nativeSystem == "aarch64-linux" &&
 seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
- printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
+ printError("unable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes");
 /* Prevent builders from creating setuid/setgid binaries. */
 for (int perm : { S_ISUID, S_ISGID }) {
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index e3dcd246c681..a7170566533e 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -38,6 +38,9 @@ extern char * * environ;
 namespace nix {
+const std::string nativeSystem = SYSTEM;
+
+
 BaseError & BaseError::addPrefix(const FormatOrString & fs)
 {
 prefix_ = fs.s + prefix_;
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index 9f239bff371a..54936a5cb10b 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -30,6 +30,10 @@ struct Sink;
 struct Source;
+/* The system for which Nix is compiled. */
+extern const std::string nativeSystem;
+
+
 /* Return an environment variable. */
 string getEnv(const string & key, const string & def = "");  |
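Review bot: In src/libstore/build.cc, nothing at the three `nativeSystem` checks records why the compiled-in platform is the right key and `settings.thisSystem` is not, so a later cleanup could make the sandbox's ABI list depend on a user-settable option again. A comment above the first check would cover it: `/* Key the extra ABIs on the platform Nix was built for; settings.thisSystem follows --system and need not describe the host. */`. The aarch64 branch still only logs when `seccomp_arch_add` fails while both x86_64 branches throw; if that difference is deliberate, the same comment is the place to say so. setupSeccomp begins and ends outside this hunk, so how the filter treats an ABI that was not added cannot be confirmed from here.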
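Review bot: In src/libutil/util.cc, `nativeSystem` is a namespace-scope `std::string` with external linkage, so it is constructed during dynamic initialization and a static initializer in another translation unit that reads it is not guaranteed to see the value. A comparison made that early would silently evaluate to false rather than fail loudly, which is an awkward failure mode for a value that selects seccomp architectures. No such early reader is visible in this commit, so this is a robustness point rather than a present bug. If one can exist, an accessor such as `const std::string & nativeSystem() { static const std::string s = SYSTEM; return s; }` removes the ordering question, at the cost of changing the three call sites in build.cc to `nativeSystem()`.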