Commit Graph

18 Commits

Author SHA1 Message Date
zimbatm
9b33ec1764 build-fhs-userenv: don't leak file descriptors
This re-uses the capabilities documented in `Process.spawn` to avoid leaking
unecessary file-descriptors to the sandbox
2015-12-10 16:01:04 +00:00
Nikolay Amiantov
00f6ce133c buildFHS{Chroot,User}Env: support extraInstallCommands 2015-12-04 00:58:47 +03:00
Nikolay Amiantov
46de04489b build-fhs-userenv: fix extraBindMounts 2015-10-07 14:58:37 +03:00
Nikolay Amiantov
5897433b31 build-fhs-userenv: add extraBindMounts support 2015-10-06 15:32:37 +03:00
Nikolay Amiantov
47ea8c097c buildFHSUserEnv: add .env support 2015-08-26 19:39:08 +03:00
Nikolay Amiantov
f1187c5b14 build-fhs-userenv: move /tmp handling to bash part 2015-08-24 02:01:00 +03:00
Nikolay Amiantov
ec27ba44d0 build-fhs-{chroot,user}env: expose sockets in /tmp 2015-08-24 01:47:19 +03:00
Nikolay Amiantov
19c497050e fhs-userenv: refactor and try to chdir to the current directory
runScript now expects a filename instead of a Bash snippet; thus, "exec" should be
omitted.
2015-04-22 17:50:41 +03:00
Nikolay Amiantov
508ef7e629 fhs-userenv: fix mkdirs 2015-04-22 17:50:41 +03:00
Nikolay Amiantov
b66be2a549 fhs-userenv: move mounts map 2015-04-22 17:50:40 +03:00
Nikolay Amiantov
97931361d7 fhs-userenv: refactor envvars and propagate SSL_CERT_FILE 2015-04-22 17:50:40 +03:00
Luca Bruno
b1adfeb23d fhs-userenv: Make it work on kernel < 3.19 cc @abbradar
It may not be very secure, but I think it's better to make it work
with older kernel since 3.19 is not the default on nixos.
2015-03-10 18:12:38 +01:00
lethalman
fcfe8ecc33 Merge pull request #6737 from anderspapitto/fhs
build-fhs-userenv passes through command line args
2015-03-10 17:53:32 +01:00
Anders Papitto
4bcc817521 build-fhs-userenv passes through command line args
The motivation for this change is to allow things like the
following derivation, which wraps the debian-packaged
hello binary.

let nixpkgs = import <nixpkgs> {};
    stdenv = nixpkgs.stdenv;
in rec {
  dumb-hello = stdenv.mkDerivation {
    name = "dumb-hello";
    builder = ./builder.sh;
    dpkg = nixpkgs.dpkg;
    src = nixpkgs.fetchurl {
      url = "http://ftp.us.debian.org/debian/pool/main/h/hello-traditional/hello-traditional_2.9-2_amd64.deb";
      md5 = "f5f3c28b65221dae44dda6f242c23316";
    };
  };
  full-hello = nixpkgs.buildFHSUserEnv {
    name = "full-hello";
    targetPkgs = pkgs: [ dumb-hello ];
    multiPkgs = pkgs: [ pkgs.dpkg ];
    runScript = "hello";
  };
}
2015-03-09 23:44:51 -07:00
Nikolay Amiantov
3e395b71da chroot-env: add locales, refactor environment 2015-03-09 17:29:43 +03:00
Nikolay Amiantov
4aba7639c8 chroot-env: build /etc 2015-03-09 17:29:43 +03:00
Nikolay Amiantov
3500978b8f build-fhs-*: prefer local build 2015-02-05 20:39:01 +03:00
Nikolay Amiantov
4b3bb7b448 userFHSEnv: add build tool 2015-02-05 19:46:25 +03:00