Unverified Commit 64a5bece authored by Jared Baur's avatar Jared Baur Committed by GitHub
Browse files

buildFHSEnvBubblewrap: do not use read-only bind on /nix (#463881)

parents d0c6de31 1ccfe2eb

pkgs/build-support/build-fhsenv-bubblewrap/default.nix

+1 −1
Original line number Diff line number Diff line
@@ -288,7 +288,7 @@ let 
        ${optionalString unshareUts "--unshare-uts"}

        ${optionalString unshareCgroup "--unshare-cgroup"}

        ${optionalString dieWithParent "--die-with-parent"}

        --ro-bind /nix /nix

        --bind /nix /nix

        ${optionalString privateTmp "--tmpfs /tmp"}

        # Our glibc will look for the cache in its own path in `/nix/store`.

        # As such, we need a cache to exist there, because pressure-vessel