Restrict paths added to bwrap in nix-portable

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
2026-03-04 16:49:54 +01:00
parent 06925bc0ca
commit 71352ff5d1
1 changed files with 1 additions and 10 deletions
--- a/pkgs/nix-portable/default.nix
+++ b/pkgs/nix-portable/default.nix
@@ -285,16 +285,7 @@ let


    collectBinds(){
-      ### gather paths to bind for proot
-      # we cannot bind / to / without running into a lot of trouble, therefore
-      # we need to collect all top level directories and bind them inside an empty root
-
-      # for termux a fallback is needed as enumerating top level directories fails
-      if ! pathsTopLevel="\$(find / -mindepth 1 -maxdepth 1 -not -name nix -not -name dev 2>&3)"; then
-        debug "Error: unable to list top level directories. Falling back to default binds."
-        pathsTopLevel="/etc /proc"
-      fi
-
+      pathsTopLevel="/boot /run /sys \$PWD /gpfs /tmp /scratch"

      toBind=""
      for p in \$pathsTopLevel; do