libstore/unix/derivation-builder: error earlier when sandbox path is inaccessible

Author: cole-h

src/libstore/unix/build/derivation-builder.cc

@@ -992,10 +992,24 @@ void DerivationBuilderImpl::startBuilder()
                 i.pop_back();
             }
             size_t p = i.find('=');
-            if (p == std::string::npos)
-                pathsInChroot[i] = {i, optional};
-            else
-                pathsInChroot[i.substr(0, p)] = {i.substr(p + 1), optional};
+
+            std::string inside, outside;
+            if (p == std::string::npos) {
+                inside = i;
+                outside = i;
+            } else {
+                inside = i.substr(0, p);
+                outside = i.substr(p + 1);
+            }
+
+            auto maybeSt = maybeLstat(outside);
+            if (!maybeSt) {
+                if (!optional) {
+                  throw SysError("path '%s' is configured as part of the `sandbox-paths` option, but is inaccessible", outside);
+                }
+            }
+
+            pathsInChroot[inside] = {outside, optional};
         }
         if (hasPrefix(store.storeDir, tmpDirInSandbox))
         {