From 71352ff5d1ef4c1546f2fdfd2e7b9f9a97d56cbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Bon=C3=A9?=
Date: Wed, 4 Mar 2026 16:49:54 +0100
Subject: [PATCH] Restrict paths added to bwrap in nix-portable

Reviewed-by: Rodrigo Arias Mallo
---
 pkgs/nix-portable/default.nix | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/pkgs/nix-portable/default.nix b/pkgs/nix-portable/default.nix
index c504d7da..0bbc44ae 100644
--- a/pkgs/nix-portable/default.nix
+++ b/pkgs/nix-portable/default.nix
@@ -285,16 +285,7 @@ let
 collectBinds(){
- ### gather paths to bind for proot
- # we cannot bind / to / without running into a lot of trouble, therefore
- # we need to collect all top level directories and bind them inside an empty root
-
- # for termux a fallback is needed as enumerating top level directories fails
- if ! pathsTopLevel="\$(find / -mindepth 1 -maxdepth 1 -not -name nix -not -name dev 2>&3)"; then
- debug "Error: unable to list top level directories. Falling back to default binds."
- pathsTopLevel="/etc /proc"
- fi
-
+ pathsTopLevel="/boot /run /sys \$PWD /gpfs /tmp /scratch"
 toBind=""
 for p in \$pathsTopLevel; do
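Review bot: The new allow-list embeds `\$PWD` unquoted in a space-separated string, and the `for p in \$pathsTopLevel` loop that follows relies on word splitting, so a working directory whose name contains whitespace or glob characters is split into several entries and may cause paths other than the intended one to be bound, which would undercut the restriction this line is meant to enforce. Keeping only the fixed entries in the string (`pathsTopLevel="/boot /run /sys /gpfs /tmp /scratch"`) and handling the working directory as its own quoted `"\$PWD"` entry avoids that. The list also still exposes `/run` and `/tmp`, which commonly hold service sockets and other users' files on shared hosts, and the removed comments were the only explanation of how the bind set is chosen; a replacement such as `# host paths exposed inside the bwrap sandbox; keep minimal, /gpfs and /scratch are site-specific` would record the intent. The body of collectBinds continues past the end of the hunk, so how each entry becomes a bind argument is not visible here.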