Github messages for voidlinux
* [ISSUE] nix: do not disable sandbox by default
@ 2022-02-17 16:58 Cloudef
  2022-02-17 16:58 ` Cloudef
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: Cloudef @ 2022-02-17 16:58 UTC (permalink / raw)
  To: ml

New issue by Cloudef on void-packages repository

https://github.com/void-linux/void-packages/issues/35666

Description:
### System

* xuname:  Void 5.12.14_1 x86_64-musl AuthenticAMD uptodate rFFFF
* package:  nix-2.3.12_1

### Expected behavior

/etc/nix.conf should have sandbox on, and should build packages as expected in such an isolated environment.

### Actual behavior

/etc/nix.conf has sandbox turned off by default, and it fails unexpectedly when turned on due to a misconfiguration with sandbox-paths. Nix mounts `/bin/sh` into the sandboxed namespace, but this binary is linked against musl libc and thus fails to work in such a sandboxed environment.

The workaround is to install busybox-static and edit sandbox-paths in /etc/nix.conf so that /bin/sh points to busybox.static instead.

### Steps to reproduce the behavior

1. Install nix and make sure sandboxing is turned on (restart daemon)
2. Use the following default.nix
```nix
{ pkgs ? import <nixpkgs> {} }:

pkgs.buildPackages.rustPlatform.buildRustPackage rec {
  pname = "diesel-cli-ext";
  version = "0.3.6";
  cargoSha256 = "1npmr1sy7d6gv7j3r8c03c7k7c9fv0kvipl96cm6g1c90qqba2hx";
  src = pkgs.fetchCrate {
    inherit version;
    crateName = "diesel_cli_ext";
    sha256 = "0zf98kydxgb9mc77x7r4d0vmkfzgi5h4h6n1dhpgq2if9ybyci0b";
  };
}
```
3. Build will fail with a misleading error:
```
tar (child): gzip: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
```
4. strace reveals that tar actually does `/bin/sh -c gzip`


^ permalink raw reply	[flat|nested] 7+ messages in thread
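
An added example, not part of the original thread and not code from nix or void-packages: a check for the misconfiguration reported in the issue above. It parses `sandbox-paths` from a nix.conf and reports whether the file mapped to `/bin/sh` is a static ELF executable, as the busybox workaround provides. All function names are hypothetical, and `fake_elf64` only builds constructed sample images.

```python
import struct

PT_INTERP = 3  # program header type that names the dynamic loader

def sandbox_paths(conf_text):
    """Parse sandbox-paths / extra-sandbox-paths lines into {target: source}."""
    paths = {}
    for line in conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() in ("sandbox-paths", "extra-sandbox-paths"):
            for entry in value.split():
                target, _, source = entry.rstrip("?").partition("=")  # "?" marks optional
                paths[target] = source or target
    return paths

def elf_interpreter(image):
    """Return the loader path an ELF image requests, or None if it is static."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if image[5] == 1 else ">"
    # Field offsets differ between ELF64 (class byte 2) and ELF32.
    word, phoff_at, phent_at, poff_at, psz_at = (
        ("Q", 0x20, 0x36, 0x08, 0x20) if image[4] == 2 else ("I", 0x1C, 0x2A, 0x04, 0x10))
    phoff, = struct.unpack_from(end + word, image, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", image, phent_at)
    for index in range(phnum):
        base = phoff + index * phentsize
        if struct.unpack_from(end + "I", image, base)[0] == PT_INTERP:
            off, = struct.unpack_from(end + word, image, base + poff_at)
            size, = struct.unpack_from(end + word, image, base + psz_at)
            return image[off:off + size].rstrip(b"\0").decode()
    return None

def check_sandbox_shell(conf_text, read_file):
    """Return None if the sandbox /bin/sh is static, else a description of the problem."""
    source = sandbox_paths(conf_text).get("/bin/sh")
    if source is None:
        return "sandbox-paths has no /bin/sh entry"
    loader = elf_interpreter(read_file(source))
    if loader is None:
        return None
    return f"{source} is dynamically linked (loader {loader}), not a static shell"

def fake_elf64(loader=b""):
    """Constructed sample image: PT_INTERP header if loader is given, else PT_LOAD."""
    head = (b"\x7fELF\x02\x01" + bytes(26) + struct.pack("<Q", 64) + bytes(14)
            + struct.pack("<HH", 56, 1) + bytes(6))
    phdr = struct.pack("<IIQQQQQQ", 3 if loader else 1, 0, 120, 0, 0, len(loader), 0, 0)
    return head + phdr + loader
```

On a real system, pass the text of the nix.conf in use and a callback that returns a file's bytes, such as `lambda p: open(p, "rb").read()`.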

* Re: nix: do not disable sandbox by default
  2022-02-17 16:58 [ISSUE] nix: do not disable sandbox by default Cloudef
@ 2022-02-17 16:58 ` Cloudef
  2022-06-24  2:16 ` github-actions
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Cloudef @ 2022-02-17 16:58 UTC (permalink / raw)
  To: ml

New comment by Cloudef on void-packages repository

https://github.com/void-linux/void-packages/issues/35666#issuecomment-1043187650

Comment:
I also filed a bug in nix, as nix probably should detect this kind of misconfiguration early: https://github.com/NixOS/nix/issues/6113

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: nix: do not disable sandbox by default
  2022-02-17 16:58 [ISSUE] nix: do not disable sandbox by default Cloudef
  2022-02-17 16:58 ` Cloudef
@ 2022-06-24  2:16 ` github-actions
  2022-06-24  5:11 ` Cloudef
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: github-actions @ 2022-06-24  2:16 UTC (permalink / raw)
  To: ml

New comment by github-actions[bot] on void-packages repository

https://github.com/void-linux/void-packages/issues/35666#issuecomment-1165111442

Comment:
Issues become stale 90 days after last activity and are closed 14 days after that.  If this issue is still relevant bump it or assign it.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: nix: do not disable sandbox by default
  2022-02-17 16:58 [ISSUE] nix: do not disable sandbox by default Cloudef
  2022-02-17 16:58 ` Cloudef
  2022-06-24  2:16 ` github-actions
@ 2022-06-24  5:11 ` Cloudef
  2022-09-24  2:14 ` github-actions
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Cloudef @ 2022-06-24  5:11 UTC (permalink / raw)
  To: ml

New comment by Cloudef on void-packages repository

https://github.com/void-linux/void-packages/issues/35666#issuecomment-1165202244

Comment:
Still relevant

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: nix: do not disable sandbox by default
  2022-02-17 16:58 [ISSUE] nix: do not disable sandbox by default Cloudef
                   ` (2 preceding siblings ...)
  2022-06-24  5:11 ` Cloudef
@ 2022-09-24  2:14 ` github-actions
  2022-09-24  6:33 ` Cloudef
  2022-12-25  1:58 ` github-actions
  5 siblings, 0 replies; 7+ messages in thread
From: github-actions @ 2022-09-24  2:14 UTC (permalink / raw)
  To: ml

New comment by github-actions[bot] on void-packages repository

https://github.com/void-linux/void-packages/issues/35666#issuecomment-1256834988

Comment:
Issues become stale 90 days after last activity and are closed 14 days after that.  If this issue is still relevant bump it or assign it.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: nix: do not disable sandbox by default
  2022-02-17 16:58 [ISSUE] nix: do not disable sandbox by default Cloudef
                   ` (3 preceding siblings ...)
  2022-09-24  2:14 ` github-actions
@ 2022-09-24  6:33 ` Cloudef
  2022-12-25  1:58 ` github-actions
  5 siblings, 0 replies; 7+ messages in thread
From: Cloudef @ 2022-09-24  6:33 UTC (permalink / raw)
  To: ml

New comment by Cloudef on void-packages repository

https://github.com/void-linux/void-packages/issues/35666#issuecomment-1256880179

Comment:
Still relevant

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: nix: do not disable sandbox by default
  2022-02-17 16:58 [ISSUE] nix: do not disable sandbox by default Cloudef
                   ` (4 preceding siblings ...)
  2022-09-24  6:33 ` Cloudef
@ 2022-12-25  1:58 ` github-actions
  5 siblings, 0 replies; 7+ messages in thread
From: github-actions @ 2022-12-25  1:58 UTC (permalink / raw)
  To: ml

New comment by github-actions[bot] on void-packages repository

https://github.com/void-linux/void-packages/issues/35666#issuecomment-1364610920

Comment:
Issues become stale 90 days after last activity and are closed 14 days after that.  If this issue is still relevant bump it or assign it.

^ permalink raw reply	[flat|nested] 7+ messages in thread
