From df4761d45082d94f6a469bbcab71cee1e31719da Mon Sep 17 00:00:00 2001
From: Benedikt Morbach
Date: Sat, 24 Oct 2020 17:23:37 +0200
Subject: [PATCH] fhs-userenv-bubblewrap: Preserve symlinks

Preserve top-level symlinks such as /lib -> /usr/lib. This allows nested containers such as Steam's new runtime to remount /usr if they need to and then run unmodified binaries that reference e.g. /lib/ld-linux-x86-64.so.2 Before, we would mount the fully resolved host directory at /lib and thus the dynamic loader would always be the one from the host filesystem.
---
 .../build-fhs-userenv-bubblewrap/default.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
index 6592621570ce..dd945678e6f5 100644
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@@ -68,13 +68,18 @@ let
   bwrapCmd = { initArgs ? "" }: ''
     blacklist=(/nix /dev /proc /etc)
     ro_mounts=()
+    symlinks=()
     for i in ${env}/*; do
       path="/''${i##*/}"
       if [[ $path == '/etc' ]]; then
-        continue
+        :
+      elif [[ -L $i ]]; then
+        symlinks+=(--symlink "$(readlink "$i")" "$path")
+        blacklist+=("$path")
+      else
+        ro_mounts+=(--ro-bind "$i" "$path")
+        blacklist+=("$path")
       fi
-      ro_mounts+=(--ro-bind "$i" "$path")
-      blacklist+=("$path")
     done

     if [[ -d ${env}/etc ]]; then
@@ -114,6 +119,7 @@ let
       --ro-bind /nix /nix
       ${etcBindFlags}
       "''${ro_mounts[@]}"
+      "''${symlinks[@]}"
       "''${auto_mounts[@]}"
       ${init runScript}/bin/${name}-init ${initArgs}
     )
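Review bot: The `elif [[ -L $i ]]` branch copies the link target verbatim with `readlink "$i"` (no `-f`), so the symlink only works inside the sandbox if its target is reachable there — a store path under the `--ro-bind /nix /nix` mount or a sibling top-level entry such as `/usr/lib`; a target anywhere else now dangles, whereas the previous `--ro-bind "$i" "$path"` resolved the link and mounted the host directory. That is the intended behavior for the `/lib -> /usr/lib` case described in the commit message, but it is an assumption about how `${env}` is built and deserves a comment above the branch, e.g. `# keep top-level symlinks as symlinks (not resolved mounts); targets must resolve inside the sandbox, i.e. under /nix or another top-level entry`. The `blacklist+=("$path")` append is now duplicated in the `elif` and `else` branches and could be hoisted to a single line after the `fi`, since the `/etc` branch already has `/etc` in the initial blacklist; the second hunk (the `"''${symlinks[@]}"` expansion) raises nothing on its own. The enclosing `bwrapCmd` string continues outside both hunks.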