Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 96b08bd8e39a
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 2335e7354f8a
Choose a head ref
  • 2 commits
  • 3 files changed
  • 2 contributors

Commits on Nov 28, 2020

  1. firejail: fix -overlay and -build functionality on NixOS 

    - The `-overlay` flag runs the specified binary inside an OverlayFS,
  since the /nix store may be in a different mount point than the user
  home, this patch explicitly bind mounts it so it's available inside
  the overlay.

- profile builder: firejail provides facilities to build a new profiles.
  To do so, it execute the helper binary `fbuilder`, which in turn will
  execute firejail back with different options. This patch makes it use
  the binary available in PATH instead of the one produced at compile time.
  The compiled firejail binary doesn't have the necessary permissions,
  so the firejail NixOS module wraps it in a SUID wrapper available on
  PATH at runtime.

Signed-off-by: Roosembert Palacios <roosemberth@posteo.ch>
(cherry picked from commit 831c700)
    @roosemberth
    roosemberth committed Nov 28, 2020
    Copy the full SHA
    89348e9 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #105234 from roosemberth/fixes/20.09-firejail 

    [20.09] firejail: fix -overlay and -build functionality on NixOS
    @7c6f434c
    7c6f434c committed Nov 28, 2020
    Copy the full SHA
    2335e73 View commit details
    Browse the repository at this point in the history