nixos/lib/eval-config.nix: toString modulesPath

Referencing modulesPath in NixOS configurations can cause evaluation errors in restricted mode. If used as `${modulesPath}` (as in all use-sites in nixpkgs) the modules subtree is copied into its own store path. Access to this path will be forbidden in restricted mode. Converting to a string solves this issue. `${builtins.toString modulesPath}` will point to a subdirectory of the nixpkgs tree out of which evalModules is called. This change converts modulesPath to a string by default so that the call-site doesn't have to anymore.
author: Andreas Herrmann <andreash87@gmx.ch> 2018-10-29 13:06:55 +0100
committer: Andreas Herrmann <andreash87@gmx.ch> 2018-10-29 15:46:20 +0100
commit: 044ceae2806480555a44c91c386546cffb46ba74 (patch)
tree: f5c352b223d433904ee099e8ce88e3b3f74e8c39 /nixos/lib/eval-config.nix
parent: ebffa9fd06af825d161d9da8d43f93ddb6b1f313 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix
index a87b285c5b7..98b9a7e9e43 100644
--- a/nixos/lib/eval-config.nix
+++ b/nixos/lib/eval-config.nix
@@ -49,7 +49,8 @@ in rec {
     inherit prefix check;
     modules = modules ++ extraModules ++ baseModules ++ [ pkgsModule ];
     args = extraArgs;
-    specialArgs = { modulesPath = ../modules; } // specialArgs;
+    specialArgs =
+      { modulesPath = builtins.toString ../modules; } // specialArgs;
   }) config options;
 
   # These are the extra arguments passed to every module.  In
author	Andreas Herrmann <andreash87@gmx.ch>	2018-10-29 13:06:55 +0100
committer	Andreas Herrmann <andreash87@gmx.ch>	2018-10-29 15:46:20 +0100
commit	044ceae2806480555a44c91c386546cffb46ba74 (patch)
tree	f5c352b223d433904ee099e8ce88e3b3f74e8c39 /nixos/lib/eval-config.nix
parent	ebffa9fd06af825d161d9da8d43f93ddb6b1f313 (diff)