# Package definition for nsjail, a process isolation tool built on Linux
# namespaces and seccomp-bpf syscall filters (see meta.description).
{
  lib,
  stdenv,
  fetchFromGitHub,
  autoconf,
  bison,
  flex,
  libtool,
  pkg-config,
  which,
  libnl,
  protobuf,
  protobufc,
  shadow,
  installShellFiles,
}:

stdenv.mkDerivation rec {
  pname = "nsjail";
  version = "3.4";

  # The source is fetched by tag name (rev = version) together with its git
  # submodules. The fixed-output hash below covers the whole fetched tree,
  # so a re-pointed upstream tag shows up as a hash mismatch on refetch
  # instead of silently changing what gets built.
  src = fetchFromGitHub {
    owner = "google";
    repo = "nsjail";
    rev = version;
    fetchSubmodules = true;
    hash = "sha256-/K+qJV5Dq+my45Cpw6czdsWLtO9lnJwZTsOIRt4Iijk=";
  };

  # Tools needed only at build time.
  nativeBuildInputs = [
    autoconf
    bison
    flex
    installShellFiles
    libtool
    pkg-config
    which
  ];

  # Libraries the nsjail binary links against.
  buildInputs = [
    libnl
    protobuf
    protobufc
  ];

  enableParallelBuilding = true;

  # Compiler warnings are not promoted to errors for this build.
  # NOTE(review): this is a sandboxing tool, so it is worth re-checking on
  # each version bump which warnings this flag is masking.
  env.NIX_CFLAGS_COMPILE = "-Wno-error";

  # Compile in the store paths of shadow's newuidmap/newgidmap helpers via
  # USER_DEFINES.
  # NOTE(review): files in the Nix store cannot carry setuid bits, so these
  # store-path helpers presumably run without extra privilege; confirm that
  # uid/gid range mapping behaves as intended on the target system, or
  # whether a privileged wrapper path is required instead.
  preBuild = ''
    makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
  '';

  # Manual install: only the nsjail binary and its man page are copied
  # into the output.
  installPhase = ''
    runHook preInstall
    install -Dm755 nsjail "$out/bin/nsjail"
    installManPage nsjail.1
    runHook postInstall
  '';

  # Attribute paths are spelled out instead of using `with lib;` so each
  # name's origin is visible at the point of use.
  meta = {
    description = "Light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
    homepage = "https://nsjail.dev/";
    changelog = "https://github.com/google/nsjail/releases/tag/${version}";
    license = lib.licenses.asl20;
    maintainers = [
      lib.maintainers.arturcygan
      lib.maintainers.bosu
      lib.maintainers.c0bw3b
    ];
    platforms = lib.platforms.linux;
    mainProgram = "nsjail";
  };
}