From 516309b3450efd106238957987a66b1881fc8f5f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 13 Oct 2021 16:25:28 +0200 Subject: [PATCH] Remove sandbox=false MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The sandbox was (probably) enabled due to the .stack/shell.nix files: it made use of buildStackProject, which requires to run outside of the sandbox for some reason ( https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/generic-stack-builder.nix#L25 ). Now that this file is not used anymore, we can reenable the sandbox. It should help fix in particular this recent issue we’re facing in the CI: https://github.com/jfischoff/tmp-postgres/issues/251 --- alpine/Dockerfile | 3 +-- debian/Dockerfile | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/alpine/Dockerfile b/alpine/Dockerfile index db794af..8d6431f 100644 --- a/alpine/Dockerfile +++ b/alpine/Dockerfile @@ -12,8 +12,7 @@ RUN addgroup -g 30000 -S nixbld \ && mkdir -m 0755 /nix && chown nixuser /nix \ && apk add --no-cache bash xz \ && rm -rf /var/cache/apk/* \ - # sandboxing enabled by default since 2.2 - && mkdir -p /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf + && mkdir -p /etc/nix && touch /etc/nix/nix.conf USER nixuser ENV USER=nixuser diff --git a/debian/Dockerfile b/debian/Dockerfile index 632a741..336cd0d 100644 --- a/debian/Dockerfile +++ b/debian/Dockerfile @@ -12,8 +12,7 @@ RUN addgroup --gid 30000 --system nixbld \ && mkdir -m 0755 /nix && chown nixuser /nix \ && apt update && apt install -y wget xz-utils \ && apt clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ - # sandboxing enabled by default since 2.2 - && mkdir -p /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf + && mkdir -p /etc/nix && touch /etc/nix/nix.conf USER nixuser ENV USER=nixuser -- 2.41.0