[WIP] fhs-userenv-bubblewrap: Support #102178

@moben moben commented Oct 30, 2020

Motivation for this change

This is an effort to fix compatibility with the new steam runtime. See also #100655

There are currently 2 parts to this:

  1. Preserve the symlink structure that is created for the FHS environment when launching the bwrap container (bin --> usr/bin, ...). This is to allow things like bind-mounting another /usr inside to work like they would on another distribution with a "usr-merge" implemented and also overwrite the things in /bin.
  2. Set up some symlinks to allow /etc/ and /etc/ to function with our glibc. This should make our current setting of LD_LIBRARY_PATH obsolete as well and improves compatibility e.g. with games that incorrectly overwrite that instead of appending to it.

There is still a bit more testing needed until the linked issue is fully resolved. However as far as I can currently tell these changes are all that is necessarily NixOS specific.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits
@@ -1,4 +1,4 @@
{ callPackage, runCommandLocal, writeShellScriptBin, stdenv, coreutils, bubblewrap }:
{ callPackage, runCommandLocal, writeShellScriptBin, stdenv, pkgs, coreutils, bubblewrap }:
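Review bot: `pkgs` in the argument set makes the whole package set an input of this file, which hides what it actually depends on and makes it harder to override a single dependency through `callPackage`. Consider naming the packages the file needs as arguments, next to `coreutils` and `bubblewrap`, instead of passing `pkgs`.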

@SuperSandro2000 SuperSandro2000 Oct 30, 2020

Please don't include pkgs but glibc.

@@ -38,9 +38,10 @@ let
# these match the host's architecture, glibc_multi is used for multilib
# builds. glibcLocales must be before glibc or glibc_multi as otherwiese
# the wrong LOCALE_ARCHIVE will be used where only C.UTF-8 is available.
glibc = with pkgs; (if isMultiBuild then glibc_multi else glibc);
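Review bot: in `glibc = with pkgs; (if isMultiBuild then glibc_multi else glibc);` the `glibc` on the right-hand side resolves to the `let` binding being defined rather than to `pkgs.glibc`, because `let` bindings take precedence over names brought into scope by `with`, so evaluating it recurses without end. Refer to `pkgs.glibc` explicitly, or take `glibc` and `glibc_multi` as function arguments and give the local binding a different name.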

@SuperSandro2000 SuperSandro2000 Oct 30, 2020

I think the infinite recursion is occurring here. Can the pkgs be removed and glibc added directly?

moben added 2 commits Nov 2, 2020
Preserve top-level symlinks such as /lib -> /usr/lib.

This allows nested containers such as Steam's new runtime to remount
/usr if they need to and then run unmodified binaries that reference
e.g. /lib/

Before, we would mount the fully resolved host directory at /lib and
thus the dynamic loader would always be the one from the host filesystem.
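
The difference the commit message describes, as an added example that is not code from this pull request or from nixpkgs: a bash function that turns the top level of an FHS tree into bubblewrap arguments, either binding the resolved directory (the old behaviour) or recreating the symlink with `--symlink`. The names `bwrap_root_args` and `demo` and the sample tree are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added illustration; not the nixpkgs implementation.
# bwrap_root_args MODE ROOT
#   MODE=resolve  : old behaviour, bind the fully resolved directory at /NAME
#   MODE=preserve : recreate top-level symlinks inside the container
# Prints the bwrap arguments, one per line.
bwrap_root_args() {
  local mode=$1 root=$2 entry name
  for entry in "$root"/*; do
    # Skip the literal pattern left behind by an empty directory.
    [ -e "$entry" ] || [ -L "$entry" ] || continue
    name=${entry##*/}
    if [ -L "$entry" ] && [ "$mode" = preserve ]; then
      # --symlink SRC DEST creates DEST in the sandbox pointing at SRC, so
      # /lib keeps following whatever is mounted at /usr later on.
      printf '%s\n' --symlink "$(readlink "$entry")" "/$name"
    elif [ -d "$entry" ]; then
      # -d follows symlinks: in resolve mode /lib is pinned to the host's
      # real directory and a nested remount of /usr cannot change it.
      printf '%s\n' --ro-bind "$(realpath "$entry")" "/$name"
    fi
  done
}

# Constructed sample tree with a usr-merge style layout.
demo() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/usr/bin" "$root/usr/lib"
  ln -s usr/bin "$root/bin"
  ln -s usr/lib "$root/lib"
  echo "resolve:";  bwrap_root_args resolve  "$root" | paste -sd' ' -
  echo "preserve:"; bwrap_root_args preserve "$root" | paste -sd' ' -
  rm -rf "$root"
}

demo
```

In `preserve` mode only `/usr` is a bind mount, so a nested container that mounts a different `/usr` also changes what `/lib` and `/bin` resolve to.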

@ashkitten ashkitten commented Feb 23, 2021

superseded by #114024

@ashkitten ashkitten closed this Feb 23, 2021