nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-27 12:41:00 +01:00
Code Activity

Don't allow writing to /etc

Browse source 
(cherry picked from commit db41f74af3)
This commit is contained in:
Yorick van Pelt 2023-02-14 12:03:34 +01:00 committed by github-actions[bot]
parent 9157f94e77
commit 58210e5306
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/linux-sandbox.sh
View file

@ -37,3 +37,6 @@ nix-build check.nix -A nondeterministic --sandbox-paths /nix/store --no-out-link
(! nix-build check.nix -A nondeterministic --sandbox-paths /nix/store --no-out-link --check -K 2> $TEST_ROOT/log)
if grep -q 'error: renaming' $TEST_ROOT/log; then false; fi
grep -q 'may not be deterministic' $TEST_ROOT/log
# Test that sandboxed builds cannot write to /etc easily
(! nix-build -E 'with import ./config.nix; mkDerivation { name = "etc-write"; buildCommand = "echo > /etc/test"; }' --no-out-link --sandbox-paths /nix/store)