bwrap-helper: Always bind /etc/ssl/certs

The bwrap fhs userenv uses readlink -f to resolve symlinks. It is called
in the argument list of bwrap like this:

  --ro-bind-try $(readlink -f /etc/ssl/certs) /etc/ssl/certs

Normally, readlink -f returns the passed path if there is no file at the
path. However, this only works, if the parent directory of the file
exists. Thus if /etc/ssl does not exist, readlink -f /etc/ssl/certs will
return nothing. This causes the argument list of bwrap to be wrong (it
has only one argument to --ro-bind-try when it expected two), which
causes it to fail with hard to track down errors.
This commit is contained in:
Simon Bruder 2022-03-12 16:42:06 +01:00
parent 0de69de256
commit 18652c7580
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

View file

@ -87,6 +87,7 @@ argument_groups = {
"--dir",
f"/run/user/{uid}",
*ro_bind("/etc/localtime"),
*ro_bind("/etc/ssl/certs"),
"--unshare-all",
"--die-with-parent",
],
@ -174,7 +175,6 @@ argument_groups = {
ro_bind,
[
"/etc/resolv.conf",
"/etc/ssl/certs",
],
),
],