From 9a0855bbb6546e792848e551e79f8efc40782eeb Mon Sep 17 00:00:00 2001
From: Matthew Bauer <mjbauer95@gmail.com>
Date: Tue, 30 Jul 2019 17:52:42 -0400
Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20rely=20on=20EPERM?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

startProcess does not appear to send the exit code to the helper
correctly. Not sure why this is, but it is probably safe to just
fallback on all sandbox errors.
---
 src/libstore/build.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index dd08ce7d..0f71e751 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2320,7 +2320,7 @@ void DerivationGoal::startBuilder()
                parent. This is only done when sandbox-fallback is set
                to true (the default). */
             if (child == -1 && (errno == EPERM || errno == EINVAL) && settings.sandboxFallback)
-                _exit(EPERM);
+                _exit(1);
             if (child == -1) throw SysError("cloning builder process");
 
             writeFull(builderOut.writeSide.get(), std::to_string(child) + "\n");
@@ -2328,7 +2328,7 @@ void DerivationGoal::startBuilder()
         }, options);
 
         int res = helper.wait();
-        if (res == EPERM && settings.sandboxFallback) {
+        if (res != 0 && settings.sandboxFallback) {
             useChroot = false;
             goto fallback;
         } else if (res != 0)