No description
524f89f139
It turns out that using clone() to start a child process is unsafe in a multithreaded program. It can cause the initialisation of a build child process to hang in setgroups(), as seen several times in the build farm: The reason is that Glibc thinks that the other threads of the parent exist in the child, so in setxid_mark_thread() it tries to get a futex that has been acquired by another thread just before the clone(). With fork(), Glibc runs pthread_atfork() handlers that take care of this (in particular, __reclaim_stacks()). But clone() doesn't do that. Fortunately, we can use fork()+unshare() instead of clone() to set up private namespaces. See also https://www.mail-archive.com/lxc-devel@lists.linuxcontainers.org/msg03434.html. |
||
|---|---|---|
| config | ||
| corepkgs | ||
| doc | ||
| misc | ||
| mk | ||
| perl | ||
| scripts | ||
| src | ||
| tests | ||
| .gitignore | ||
| bootstrap.sh | ||
| configure.ac | ||
| COPYING | ||
| dev-shell | ||
| INSTALL | ||
| local.mk | ||
| Makefile | ||
| Makefile.config.in | ||
| nix.spec.in | ||
| README | ||
| release.nix | ||
| version | ||
Nix is a purely functional package manager. For installation and usage instructions, please read the manual, which can be found in `docs/manual/manual.html', and additionally at the Nix website at <http://nixos.org/>. Acknowledgments This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).