This takes another approach at binding FHS directory structure. We
now bind-mount all the root filesystem to directory "/host" in the target tree.
From that we symlink all the directories into the tree if they do not already
exist in FHS structure.
This probably makes `CHROOTENV_EXTRA_BINDS` unnecessary -- its main usecase was
to add bound directories from the host to the sandbox, and we not just symlink
all of them. I plan to get some feedback on its usage and maybe deprecate it.
This also drops old `buildFHSChrootEnv` infrastructure. The main problem with it
is it's very difficult to unmount a recursive-bound directory when mount is not
sandboxed. This problem is a bug even without these changes -- if
you have for example `/home/alice` mounted to somewhere, you wouldn't see
it in `buildFHSChrootEnv` now. With the new directory structure, it's
impossible to use regular bind at all. After some tackling with this I realized
that the fix would be brittle and dangerous (if you don't unmount everything
clearly and proceed to removing the temporary directory, bye-bye fs!). It also
probably doesn't worth it because I haven't heard that someone actually uses it
for a long time, and `buildFHSUserEnv` should cover most cases while being much
more maintainable and safe for the end-user.
The update-resolve-conf script from the update-resolv-conf
package is very useful and should work in most of the common
cases, so this adds an option to enable it. The option is
disabled by default for backwards compatibility.
These overrides didn't work, because they created a mixture of different
versions of 'persistent' in the build tree. Furthermore, we cannot pin
specific versions like that in configuration-common.nix because this
breaks builds in other package sets, i.e. the LTS variants.
This update was generated by hackage2nix v20160406-31-gd9dda87 using the following inputs:
- Hackage: 4c643345f3
- LTS Haskell: 1a80e0660e
- Stackage Nightly: 3ba38d9d9e
This reverts commit 112d4c71b28c808a70dc73cbb2a1e9ad8c7c8074.
This upgrade causes a serious Plasma performance degradation and causes
incorrect font rendering. Reverting until the cause is known.
