Merge pull request #2975 from matthewbauer/fix-nsswitch-issue

Don’t use entire /etc/nsswitch.conf file
This commit is contained in:
Eelco Dolstra 2019-07-13 17:08:02 +02:00 committed by GitHub
commit 2f853b20df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -2734,7 +2734,13 @@ void DerivationGoal::runChild()
on. */ on. */
if (fixedOutput) { if (fixedOutput) {
ss.push_back("/etc/resolv.conf"); ss.push_back("/etc/resolv.conf");
ss.push_back("/etc/nsswitch.conf");
// Only use nss functions to resolve hosts and
// services. Dont use it for anything else that may
// be configured for this system. This limits the
// potential impurities introduced in fixed outputs.
writeFile(chrootRootDir + "/etc/nsswitch.conf", "hosts: files dns\nservices: files\n");
ss.push_back("/etc/services"); ss.push_back("/etc/services");
ss.push_back("/etc/hosts"); ss.push_back("/etc/hosts");
if (pathExists("/var/run/nscd/socket")) if (pathExists("/var/run/nscd/socket"))