Nix Build Sandbox Networking

I was attempting to debug a test failure for something I’m trying to package and noticed it created (or at least tried to create) a unix socket (in /tmp), so I wanted to check if it was erroring out because of Nix. Is this permitted within fully sandboxed builds?

3 Likes

I tried the following derivation to test if Unix sockets can be created in /tmp and used:

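{ pkgs ? import <nixpkgs> { } }:

pkgs.stdenv.mkDerivation {
  pname = "a";
  version = "1.0";

  # No source to unpack, configure or build; everything happens in installPhase.
  unpackPhase = ''true'';
  dontConfigure = true;
  dontBuild = true;
  dontPatchELF = true;
  dontStrip = true;

  installPhase = ''
    mkdir -p $out
    # Record the sandbox root listing and the build environment.
    ls -la / > $out/dirs
    export > $out/vars
    # Listen on a Unix socket in /tmp, writing whatever is received to $out/nc.
    ${pkgs.netcat}/bin/nc -lkU /tmp/socket.sock > $out/nc &
    sleep 1
    ls -latr /tmp >> $out/tmp
    # Send a message through the socket from a second netcat process.
    echo "Hello World" | ${pkgs.netcat}/bin/nc -U /tmp/socket.sock &
    sleep 1
  '';
}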

With the following results:

result ❯ cat dirs
total 4
drwxr-x---   9 nobody nixbld   9 May 15 08:58 .
drwxr-x---   9 nobody nixbld   9 May 15 08:58 ..
drwxr-xr-x   2 nobody nogroup  3 May 15 08:58 bin
drwx------   2 nixbld nixbld   3 May 15 08:58 build
drwxr-xr-x   4 nobody nogroup 16 May 15 08:58 dev
dr-xr-xr-x   2 nobody nogroup  5 May 15 08:58 etc
drwxr-xr-x   3 nobody nogroup  3 May 15 08:58 nix
dr-xr-xr-x 399 nobody nogroup  0 May 15 08:58 proc
drwxrwxrwt   2 nobody nogroup  2 May 15 08:58 tmp

So, /tmp exists. Then:

result ❯ cat tmp 
total 2
drwxr-x--- 9 nobody nixbld  9 May 15 08:58 ..
srwxr-xr-x 1 nixbld nixbld  0 May 15 08:58 socket.sock
drwxrwxrwt 2 nobody nogroup 3 May 15 08:58 .

The socket can be created. And finally:

result ❯ cat nc 
Hello World

At least using netcat, the socket can be used for communication.

2 Likes

That would indicate it’s more likely to be an actual test failure then, thanks!
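
The netcat test in the answer above depends on `sleep 1` and only demonstrates the success case. As an added example that is not part of the original thread, this Python probe performs the same Unix socket round trip without timing assumptions and reports which step failed and with which errno. It assumes a `python3` interpreter is available to the build; `probe_unix_socket` and the socket file name are made up for this example.

```python
import errno
import os
import socket
import threading


def probe_unix_socket(directory="/tmp", payload=b"Hello World\n"):
    """Send payload through a Unix socket file in directory; return (ok, detail).

    Added example: the function name and socket file name are made up here.
    """
    path = os.path.join(directory, f"probe-{os.getpid()}.sock")
    received, step = [], "socket"
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as server:
            server.settimeout(5)  # never hang the build if nothing connects
            step = "bind"
            server.bind(path)
            step = "listen"
            server.listen(1)

            def accept_once():
                try:
                    conn, _ = server.accept()
                    with conn:
                        data = b""
                        while chunk := conn.recv(4096):  # read until client closes
                            data += chunk
                        received.append(data)
                except OSError:
                    pass  # surfaces below as a round-trip mismatch

            listener = threading.Thread(target=accept_once, daemon=True)
            listener.start()
            step = "connect"
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
                client.settimeout(5)
                client.connect(path)
                client.sendall(payload)
            listener.join(5)
            if received != [payload]:
                return False, f"round trip failed: received {received!r}"
            return True, f"round trip ok via {path}"
    except OSError as exc:
        # Path-too-long errors carry no errno in CPython, hence the fallback.
        code = errno.errorcode.get(exc.errno, "no errno")
        return False, f"{step} failed ({code}): {exc}"
    finally:
        if os.path.lexists(path):
            os.unlink(path)
```

Calling `probe_unix_socket("/tmp")` from a build phase and writing the returned detail to `$out` gives the same evidence as the `nc` output file, plus the failing step when the socket cannot be created or used.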