From 044ceae2806480555a44c91c386546cffb46ba74 Mon Sep 17 00:00:00 2001 From: Andreas Herrmann Date: Mon, 29 Oct 2018 13:06:55 +0100 Subject: [PATCH] nixos/lib/eval-config.nix: toString modulesPath Referencing modulesPath in NixOS configurations can cause evaluation errors in restricted mode. If used as `${modulesPath}` (as in all use-sites in nixpkgs) the modules subtree is copied into its own store path. Access to this path will be forbidden in restricted mode. Converting to a string solves this issue. `${builtins.toString modulesPath}` will point to a subdirectory of the nixpkgs tree out of which evalModules is called. This change converts modulesPath to a string by default so that the call-site doesn't have to anymore. --- nixos/lib/eval-config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix index a87b285c5b7b..98b9a7e9e43b 100644 --- a/nixos/lib/eval-config.nix +++ b/nixos/lib/eval-config.nix @@ -49,7 +49,8 @@ in rec { inherit prefix check; modules = modules ++ extraModules ++ baseModules ++ [ pkgsModule ]; args = extraArgs; - specialArgs = { modulesPath = ../modules; } // specialArgs; + specialArgs = + { modulesPath = builtins.toString ../modules; } // specialArgs; }) config options; # These are the extra arguments passed to every module. In