[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: Simplify remouting with MS_PRIVATE in sandbox build
|
From: |
Andy Wingo |
|
Subject: |
01/02: Simplify remouting with MS_PRIVATE in sandbox build |
|
Date: |
Fri, 18 Aug 2017 05:53:44 -0400 (EDT) |
wingo pushed a commit to branch master
in repository guix.
commit 842e0e439a22081be1b4fed7ddc21d6d228afd10
Author: Jörg Thalheim <address@hidden>
Date: Fri Nov 25 00:08:34 2016 +0100
Simplify remouting with MS_PRIVATE in sandbox build
also fix race condition if mounts are added after mountinfo is read.
---
nix/libstore/build.cc | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 63540dd..d68e8b2 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -2086,12 +2086,8 @@ void DerivationGoal::runChild()
outside of the namespace. Making a subtree private is
local to the namespace, though, so setting MS_PRIVATE
does not affect the outside world. */
- Strings mounts =
tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n");
- foreach (Strings::iterator, i, mounts) {
- vector<string> fields = tokenizeString<vector<string> >(*i, "
");
- string fs = decodeOctalEscaped(fields.at(4));
- if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
- throw SysError(format("unable to make filesystem `%1%'
private") % fs);
+ if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
+ throw SysError("unable to make ‘/’ private mount");
}
/* Bind-mount chroot directory to itself, to treat it as a