{ lib, stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkg-config, which
, libnl, protobuf, protobufc, shadow, installShellFiles
}:

# nsjail — a process isolation tool built on Linux namespaces and
# seccomp-bpf syscall filters.  This recipe builds the pinned upstream tag
# with the uid/gid mapping helper paths compiled in from the `shadow` package.
let
  # Absolute paths baked into the binary via USER_DEFINES (see preBuild).
  # nsjail presumably execs these to populate /proc/<pid>/{uid,gid}_map
  # from /etc/subuid and /etc/subgid when asked to use the newidmap
  # mechanism — the exact runtime flag is not visible from this file.
  #
  # NOTE(review): files under /nix/store never carry the setuid bit, so the
  # helpers referenced here can only succeed when nsjail already holds the
  # privilege needed to write the maps (e.g. running as root).  Unprivileged
  # subuid/subgid mappings require a setuid copy, which on NixOS lives under
  # /run/wrappers/bin — confirm whether that should be the compiled-in path.
  newuidmapPath = "${shadow}/bin/newuidmap";
  newgidmapPath = "${shadow}/bin/newgidmap";
in
stdenv.mkDerivation rec {
  pname = "nsjail";
  version = "3.3";

  # Source is pinned to the release tag *and* a content hash.  Because the
  # fetch is a fixed-output derivation, the hash covers the submodule
  # checkouts too: a retagged `3.3` or a moved submodule pointer fails the
  # build instead of silently substituting different code.
  src = fetchFromGitHub {
    owner = "google";
    repo = "nsjail";
    rev = version;
    fetchSubmodules = true;
    hash = "sha256-L5x3rUDd1nXxDjoP/ZErQa02w2MJSkMBlgu00cy1D3M=";
  };

  # Tooling needed only at build time (not propagated into the closure).
  nativeBuildInputs = [
    autoconf
    bison
    flex
    installShellFiles
    libtool
    pkg-config
    which
  ];

  # Runtime/link dependencies.
  buildInputs = [
    libnl
    protobuf
    protobufc
  ];

  enableParallelBuilding = true;

  # USER_DEFINES is the upstream Makefile's hook for extra -D flags.  It is
  # appended through makeFlagsArray rather than makeFlags because the value
  # contains a space and must survive as a single make variable assignment.
  preBuild = ''
    makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${newuidmapPath} -DNEWGIDMAP_PATH=${newgidmapPath}')
  '';

  # Upstream has no `install` target; copy the binary and man page by hand.
  # The binary is installed without any setuid/setgid bit (0755).
  installPhase = ''
    runHook preInstall
    install -Dm755 nsjail "$out/bin/nsjail"
    installManPage nsjail.1
    runHook postInstall
  '';

  meta = {
    description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
    homepage = "https://nsjail.dev/";
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [ arturcygan bosu c0bw3b ];
    # Namespaces and seccomp-bpf are Linux-only kernel features.
    platforms = lib.platforms.linux;
  };
}