landlock-sandboxer: build against headers which match the sandboxer source

2024-02-01 13:53:39 +00:00 · 2024-02-01 13:53:39 +00:00 · 4f352c5725
parent 17f35a3619
commit 4f352c5725
1 changed files with 16 additions and 0 deletions
--- a/pkgs/additional/landlock-sandboxer/default.nix
+++ b/pkgs/additional/landlock-sandboxer/default.nix
@ -3,12 +3,24 @@
 # but it will complain (stderr) about an update being available if kernel max ABI != sandbox max ABI.
 { stdenv
 , linux
+, makeLinuxHeaders
 }:
+let
+  linuxHeaders = makeLinuxHeaders {
+    inherit (linux) src version;
+  };
+in
 stdenv.mkDerivation rec {
  pname = "landlock-sandboxer";
  version = linux.version;
  src = linux.src;

+  NIX_DEBUG = 6;
+
+  buildInputs = [
+    linuxHeaders  # to get the right linux headers!
+  ];
+
  # sourceRoot = "linux-${version}/samples/landlock";
  preBuild = ''
    cd samples/landlock
@ -20,6 +32,10 @@ stdenv.mkDerivation rec {
    install -m755 sandboxer $out/bin
  '';

+  passthru = {
+    inherit linuxHeaders;
+  };
+
  meta = {
    description = ''
      The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.