guix-bioinformatics
/
guix
mirror of http://git.savannah.gnu.org/git/guix.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Simplify remouting with MS_PRIVATE in sandbox build 

also fix race condition if mounts are added after mountinfo is read.
python-updates
Jörg Thalheim 6 years ago
committed by Andy Wingo
parent
2559401037
commit
842e0e439a
No known key found for this signature in database GPG Key ID: A8803732E4436885
1 changed files with 2 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      nix/libstore/build.cc

8
nix/libstore/build.cc
View File

@ -2086,12 +2086,8 @@ void DerivationGoal::runChild()
outside of the namespace. Making a subtree private is
local to the namespace, though, so setting MS_PRIVATE
does not affect the outside world. */
Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n");
foreach (Strings::iterator, i, mounts) {
vector<string> fields = tokenizeString<vector<string> >(*i, " ");
string fs = decodeOctalEscaped(fields.at(4));
if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
throw SysError(format("unable to make filesystem `%1%' private") % fs);
if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
throw SysError("unable to make ‘/’ private mount");
}
/* Bind-mount chroot directory to itself, to treat it as a

Write Preview
Loading…
Cancel
Save