Browse Source

Simplify remouting with MS_PRIVATE in sandbox build

also fix race condition if mounts are added after mountinfo is read.
python-updates
Jörg Thalheim 6 years ago
committed by Andy Wingo
parent
commit
842e0e439a
No known key found for this signature in database GPG Key ID: A8803732E4436885
  1. 8
      nix/libstore/build.cc

8
nix/libstore/build.cc

@ -2086,12 +2086,8 @@ void DerivationGoal::runChild()
outside of the namespace. Making a subtree private is
local to the namespace, though, so setting MS_PRIVATE
does not affect the outside world. */
Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n");
foreach (Strings::iterator, i, mounts) {
vector<string> fields = tokenizeString<vector<string> >(*i, " ");
string fs = decodeOctalEscaped(fields.at(4));
if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
throw SysError(format("unable to make filesystem `%1%' private") % fs);
if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
throw SysError("unable to make ‘/’ private mount");
}
/* Bind-mount chroot directory to itself, to treat it as a

Loading…
Cancel
Save