nix-base base snap broken, because top-level bind-mount /nix blacklisted
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
When I tried to build a snap package with nixpkgs's makeSnap tool (which almost a self-contained container image, with absolute paths, which starts from /nix, and have a dependency on nix-base snap for setting up empty directories structure). Also it rely on bind-mount $SNAP/nix -> /nix, which was blacklisted by following commit https:/
I asked on #snappy IRC, and learn, that there was some agreement about whitelisted base snaps, which allow extra top-level bind-mounts, including nix-base.
Citing from IRC:
13:48 < zyga> avn, it's a bug in snapd
13:48 < zyga> mborzecki, ^
13:48 < zyga> mborzecki, in snap/validate.
13:49 < zyga> mborzecki, can you work with avn on getting this fixed
13:49 < zyga> nix-base was something that was brought up in Montreal a few years back
13:49 < zyga> but I guess it's not tested as a working base
1 List of permitted toplevel items -- https:/
2 nix-base snap -- source https:/
3 related ticket in nixpkgs -- https:/
(I'd put there link on this ticket as well)
| Changed in snappy: | |
| assignee: | nobody → Maciej Borzecki (maciek-borzecki) |
| Changed in snappy: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| Changed in snappy: | |
| assignee: | Maciej Borzecki (maciek-borzecki) → nobody |
| affects: | snappy → snapd |
