From a308b69c06e2315b07ea6a1bf98e6aad47108eab Mon Sep 17 00:00:00 2001
From: Sander <hey@sandydoo.me>
Date: Sat, 1 Feb 2025 16:44:35 +0400
Subject: [PATCH] devcontainer: disable syscall filter for the installer itself

---
 devcontainer/Dockerfile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/devcontainer/Dockerfile b/devcontainer/Dockerfile
index 5221e65cc..1c590109a 100644
--- a/devcontainer/Dockerfile
+++ b/devcontainer/Dockerfile
@@ -12,7 +12,14 @@ RUN apt-get update && \
     apt-get install -y bash curl git sudo xz-utils
 
 # Install Nix
-RUN curl -L ${NIX_INSTALL_SCRIPT} | sh -s -- --daemon --no-channel-add --nix-extra-conf-file /tmp/nix.conf
+# NOTE: The extra conf file does not apply to the install script itself.
+# We need to disable the syscall filter beforehand.
+RUN NIX_CONFIG='filter-syscalls = false' \
+    curl -L ${NIX_INSTALL_SCRIPT} | \
+    sh -s -- \
+      --daemon \
+      --no-channel-add \
+      --nix-extra-conf-file /tmp/nix.conf
 
 # Add Nix to PATH
 ENV PATH="/nix/var/nix/profiles/default/bin:${PATH}"