From 035aeb9547d4a33fe9037bc86f2ceeb9cbcf847b Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 16 Apr 2015 18:46:17 +0200
Subject: [PATCH] Fix using restricted mode with chroots
---
 src/libexpr/eval.cc | 5 +++++
 src/libstore/globals.cc | 1 +
 src/libstore/globals.hh | 2 ++
 src/libstore/local.mk | 1 +
 4 files changed, 9 insertions(+)
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index d8a4193a8..301f991b7 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -292,6 +292,11 @@ Path EvalState::checkSourcePath(const Path & path_)
 if (path == i.second || isInDir(path, i.second))
 return path;
+ /* Hack to support the chroot dependencies of corepkgs (see
+ corepkgs/config.nix.in). */
+ if (path == settings.nixPrefix && isStorePath(settings.nixPrefix))
+ return path;
+
 throw RestrictedPathError(format("access to path ‘%1%’ is forbidden in restricted mode") % path_);
 }
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 143260674..d5615d93c 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -67,6 +67,7 @@ Settings::Settings()
 void Settings::processEnvironment()
 {
+ nixPrefix = NIX_PREFIX;
 nixStore = canonPath(getEnv("NIX_STORE_DIR", getEnv("NIX_STORE", NIX_STORE_DIR)));
 nixDataDir = canonPath(getEnv("NIX_DATA_DIR", NIX_DATA_DIR));
 nixLogDir = canonPath(getEnv("NIX_LOG_DIR", NIX_LOG_DIR));
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 7add7cf7c..60b11afe6 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -42,6 +42,8 @@ struct Settings {
 Path nixDataDir; /* !!! fix */
+ Path nixPrefix;
+
 /* The directory where we log various operations. */
 Path nixLogDir;
diff --git a/src/libstore/local.mk b/src/libstore/local.mk
index 78b4d0fd4..771c06753 100644
--- a/src/libstore/local.mk
+++ b/src/libstore/local.mk
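Review bot: In src/libexpr/eval.cc, the new exemption in EvalState::checkSourcePath is an exact-match test (`path == settings.nixPrefix`), unlike the search-path test just above it, which also accepts isInDir() matches, and the comment does not say that this narrowness is intended. Because this line opens a hole in the restricted-mode allowlist, the comment should state the invariant, for example `/* Only the prefix directory itself is exempted, and only when it is a store path; paths below it are still rejected unless a search-path entry covers them. */`, so that a later edit does not widen it to isInDir() by analogy. The function body starts outside the hunk, so whether `path` is already canonical when it reaches this comparison cannot be confirmed from here.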
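Review bot: In src/libstore/globals.cc, `nixPrefix = NIX_PREFIX;` is the only assignment in the visible part of Settings::processEnvironment() that is not passed through canonPath(), yet checkSourcePath() in eval.cc compares it with `==` against the requested path. If the configured prefix carries a trailing slash or redundant components, that comparison would presumably never match and restricted mode would keep rejecting the prefix, which is a fail-closed miss and not a bypass. Consider `nixPrefix = canonPath(NIX_PREFIX);` to match the neighbouring lines. processEnvironment() continues past the end of the hunk.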
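Review bot: In src/libstore/globals.hh, `Path nixPrefix;` is added without a comment, while nixLogDir just below it is documented. Since eval.cc uses this value to exempt a path from restricted mode, it deserves a line such as `/* The installation prefix (compile-time NIX_PREFIX); exempted from restricted-mode path checks when it is itself a store path. */`. struct Settings starts and ends outside the hunk.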
@@ -15,6 +15,7 @@ ifeq ($(OS), SunOS)
 endif
 libstore_CXXFLAGS = \
+ -DNIX_PREFIX=\"$(prefix)\" \
 -DNIX_STORE_DIR=\"$(storedir)\" \
 -DNIX_DATA_DIR=\"$(datadir)\" \
 -DNIX_STATE_DIR=\"$(localstatedir)/nix\" \