fhs-userenv-bubblewrap: Preserve symlinks

Preserve top-level symlinks such as /lib -> /usr/lib. This allows nested containers such as Steam's new runtime to remount /usr if they need to and then run unmodified binaries that reference e.g. /lib/ld-linux-x86-64.so.2 Before, we would mount the fully resolved host directory at /lib and thus the dynamic loader would always be the one from the host filesystem.
2020-10-24 17:23:37 +02:00 · 2020-10-24 17:23:37 +02:00 · df4761d450
commit df4761d450
parent 3daa06cc8b
1 changed files with 9 additions and 3 deletions
--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@ -68,13 +68,18 @@ let
  bwrapCmd = { initArgs ? "" }: ''
    blacklist=(/nix /dev /proc /etc)
    ro_mounts=()
+    symlinks=()
    for i in ${env}/*; do
      path="/''${i##*/}"
      if [[ $path == '/etc' ]]; then
-        continue
-      fi
+        :
+      elif [[ -L $i ]]; then
+        symlinks+=(--symlink "$(readlink "$i")" "$path")
+        blacklist+=("$path")
+      else
        ro_mounts+=(--ro-bind "$i" "$path")
        blacklist+=("$path")
+      fi
    done

    if [[ -d ${env}/etc ]]; then
@ -114,6 +119,7 @@ let
      --ro-bind /nix /nix
      ${etcBindFlags}
      "''${ro_mounts[@]}"
+      "''${symlinks[@]}"
      "''${auto_mounts[@]}"
      ${init runScript}/bin/${name}-init ${initArgs}
    )