dockerTools: fix absent /proc during runAsRoot

The chroot environment under mnt had /dev and /sys via bind mounts, but nothing setting up /proc. The `--mount-proc` argument to unshare defaults to /proc, which is outside of the chroot envirnoment.
2020-11-04 16:11:05 +09:00 · 2020-11-04 16:11:05 +09:00 · 5b82b8d094
commit 5b82b8d094
parent 5c31f534f1
1 changed files with 5 additions and 1 deletions
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@ -410,7 +410,11 @@ rec {
        # details on what's going on here; basically this command
        # means that the runAsRootScript will be executed in a nearly
        # completely isolated environment.
-        unshare -imnpuf --mount-proc chroot mnt ${runAsRootScript}
+        #
+        # Ideally we would use --mount-proc=mnt/proc or similar, but this
+        # doesn't work. The workaround is to setup proc after unshare.
+        # See: https://github.com/karelzak/util-linux/issues/648
+        unshare -imnpuf --mount-proc sh -c 'mount --rbind /proc mnt/proc && chroot mnt ${runAsRootScript}'

        # Unmount directories and remove them.
        umount -R mnt/dev mnt/sys mnt${storeDir}