maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Simplify remouting with MS_PRIVATE in sandbox build

Browse source 
also fix race condition if mounts are added after mountinfo is read.
This commit is contained in:
Jörg Thalheim 2016-11-25 00:08:34 +01:00
parent 7ee43df862
commit 855abd85d8
No known key found for this signature in database
GPG key ID: CA4106B8D7CC79FA
1 changed files with 2 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/build.cc
View file

@ -2283,12 +2283,8 @@ void DerivationGoal::runChild()
outside of the namespace. Making a subtree private is outside of the namespace. Making a subtree private is
local to the namespace, though, so setting MS_PRIVATE local to the namespace, though, so setting MS_PRIVATE
does not affect the outside world. */ does not affect the outside world. */
Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n"); if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
for (auto & i : mounts) { throw SysError("unable to make / private mount");
vector<string> fields = tokenizeString<vector<string> >(i, " ");
string fs = decodeOctalEscaped(fields.at(4));
if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
throw SysError(format("unable to make filesystem %1% private") % fs);
} }
/* Bind-mount chroot directory to itself, to treat it as a /* Bind-mount chroot directory to itself, to treat it as a