maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Restore parent mount namespace before executing a child process

Browse source 
This ensures that they can't write to /nix/store. Fixes #2535.
This commit is contained in:
Eelco Dolstra 2018-11-13 16:15:30 +01:00
parent 56f6e382be
commit a0ef21262f
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
8 changed files with 48 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/libutil/util.cc
View file

@ -936,6 +936,7 @@ pid_t startProcess(std::function<void()> fun, const ProcessOptions & options)
throw SysError("setting death signal");
#endif
restoreAffinity();
restoreMountNamespace();
fun();
} catch (std::exception & e) {
try {
@ -1504,4 +1505,26 @@ std::unique_ptr<InterruptCallback> createInterruptCallback(std::function<void()>
return std::unique_ptr<InterruptCallback>(res.release());
}
static AutoCloseFD fdSavedMountNamespace;
void saveMountNamespace()
{
#if __linux__
std::once_flag done;
std::call_once(done, []() {
fdSavedMountNamespace = open("/proc/self/ns/mnt", O_RDONLY);
if (!fdSavedMountNamespace)
throw SysError("saving parent mount namespace");
});
#endif
}
void restoreMountNamespace()
{
#if __linux__
if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1)
throw SysError("restoring parent mount namespace");
#endif
}
}