buildFHSUserEnvBubblewrap: add dieWithParent option, and /etc/nix

Allows for processes which fork to not be immediately
killed when the parent process dies.
Jonathan Ringer 2021-04-07 22:16:30 -07:00 committed by Jonathan Ringer
parent 4518794ee5
commit 73a0b6c826


@ -14,6 +14,7 @@ args @ {
, unshareNet ? false
, unshareUts ? true
, unshareCgroup ? true
, dieWithParent ? true
, ...
}:
@ -22,7 +23,7 @@ let
buildFHSEnv = callPackage ./env.nix { };
env = buildFHSEnv (removeAttrs args [
"runScript" "extraInstallCommands" "meta" "passthru"
"runScript" "extraInstallCommands" "meta" "passthru" "dieWithParent"
"unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"
]);
@ -30,6 +31,13 @@ let
files = [
# NixOS Compatibility
"static"
"nix" # mainly for nixUnstable users, but also for access to nix/netrc
# Shells
"bashrc"
"zshenv"
"zshrc"
"zinputrc"
"zprofile"
# Users, Groups, NSS
"passwd"
"group"
@ -136,7 +144,7 @@ let
${lib.optionalString unshareNet "--unshare-net"}
${lib.optionalString unshareUts "--unshare-uts"}
${lib.optionalString unshareCgroup "--unshare-cgroup"}
--die-with-parent
${lib.optionalString dieWithParent "--die-with-parent"}
--ro-bind /nix /nix
# Our glibc will look for the cache in its own path in `/nix/store`.
# As such, we need a cache to exist there, because pressure-vessel
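Review bot: The new `"nix"` entry in the `files` list (third hunk) is unconditional, and its own comment says it is there partly for access to `nix/netrc`, a file that commonly holds access tokens for private caches or fetch sources. How `files` is consumed is outside the hunk, but if each entry is taken from the host's /etc, every program started inside any environment built with this function can read whatever the invoking user can read under /etc/nix. I would state that at the entry, e.g. `"nix" # exposes host /etc/nix (nix.conf, netrc) to everything run in the env; netrc may hold credentials`, or gate the entry behind an argument so a packager can opt out. Separately, `dieWithParent` is added without a comment; a line noting that `false` lets sandboxed processes outlive the launcher would tell callers what cleanup guarantee they give up.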