# Package expression for nsjail, built from the upstream GitHub release tag.
# Every argument is supplied by the caller; see the `meta` block at the bottom
# for the description, licence and supported platforms.
{
  lib,
  stdenv,
  fetchFromGitHub,
  autoconf,
  bison,
  flex,
  libtool,
  pkg-config,
  which,
  libnl,
  protobuf,
  protobufc,
  shadow,
  installShellFiles,
}:

stdenv.mkDerivation rec {
  pname = "nsjail";
  version = "3.4";

  # The tag named by `version` is fetched together with its git submodules.
  # `hash` pins the content of that whole fetched tree, submodules included.
  # Nix looks fixed-output results up by hash, so bumping `version` without
  # refreshing `hash` can silently reuse the previously fetched source.
  src = fetchFromGitHub {
    owner = "google";
    repo = "nsjail";
    rev = version;
    fetchSubmodules = true;
    hash = "sha256-/K+qJV5Dq+my45Cpw6czdsWLtO9lnJwZTsOIRt4Iijk=";
  };

  # Build-time-only tools. installShellFiles provides the `installManPage`
  # helper called in installPhase.
  nativeBuildInputs = [
    autoconf
    bison
    flex
    installShellFiles
    libtool
    pkg-config
    which
  ];

  # Libraries the resulting binary is built against.
  buildInputs = [
    libnl
    protobuf
    protobufc
  ];

  enableParallelBuilding = true;

  # Compiler warnings are not allowed to fail the build.
  # NOTE(review): presumably upstream compiles with -Werror; confirm. With this
  # flag, warnings from newer compilers no longer gate the build of a
  # sandboxing tool, so they deserve a look when the toolchain is bumped.
  env.NIX_CFLAGS_COMPILE = "-Wno-error";

  # The uid/gid mapping helpers are passed as absolute store paths instead of
  # being left to a runtime lookup.
  # NOTE(review): binaries in the Nix store carry no setuid bit, so the
  # newuidmap/newgidmap referenced here cannot do privileged mappings for an
  # unprivileged caller; on NixOS the setuid wrappers live under
  # /run/wrappers/bin. Confirm how nsjail's Makefile consumes USER_DEFINES and
  # whether its newuidmap mode is expected to work without root.
  preBuild = ''
    makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
  '';

  # Replaces the default install step: only the nsjail binary (mode 755) and
  # its man page are installed, with the standard pre/post hooks kept.
  installPhase = ''
    runHook preInstall
    install -Dm755 nsjail "$out/bin/nsjail"
    installManPage nsjail.1
    runHook postInstall
  '';

  meta = {
    description = "Light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
    homepage = "https://nsjail.dev/";
    changelog = "https://github.com/google/nsjail/releases/tag/${version}";
    license = lib.licenses.asl20;
    maintainers = [
      lib.maintainers.arturcygan
      lib.maintainers.bosu
      lib.maintainers.c0bw3b
    ];
    # Linux only, matching the namespaces/seccomp-bpf dependency in the description.
    platforms = lib.platforms.linux;
    mainProgram = "nsjail";
  };
}