Unshare mount namespace in main()

Doing it as a side-effect of calling LocalStore::makeStoreWritable()
is very ugly.

Also, make sure that stopping the progress bar joins the update
thread, otherwise that thread should be unshared as well.
Eelco Dolstra 2021-11-08 22:00:45 +01:00
parent 7a71621b7c
commit ff2af4d64e
3 changed files with 17 additions and 11 deletions


@ -103,10 +103,10 @@ public:
~ProgressBar() ~ProgressBar()
{ {
stop(); stop();
updateThread.join();
} }
void stop() override void stop() override
{
{ {
auto state(state_.lock()); auto state(state_.lock());
if (!state->active) return; if (!state->active) return;
@ -115,6 +115,8 @@ public:
updateCV.notify_one(); updateCV.notify_one();
quitCV.notify_one(); quitCV.notify_one();
} }
updateThread.join();
}
bool isVerbose() override { bool isVerbose() override {
return printBuildLogs; return printBuildLogs;
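Review bot: The `updateThread.join();` added at the end of stop() is skipped by the early `if (!state->active) return;`, and the destructor no longer joins on its own. A ProgressBar destroyed while its state is inactive, without an earlier call that reached the join, would therefore destroy a joinable `std::thread`, which calls `std::terminate`. Whether the thread is started when the bar is inactive is not visible here (the constructor is outside the hunk), so this needs checking. A guard in the destructor would cover it: `if (updateThread.joinable()) updateThread.join();` after `stop();`. The join also deserves a comment stating why it is there, e.g. `// join here: per-thread mount namespace handling assumes no update thread is left running`.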


@ -504,10 +504,6 @@ void LocalStore::makeStoreWritable()
throw SysError("getting info about the Nix store mount point"); throw SysError("getting info about the Nix store mount point");
if (stat.f_flag & ST_RDONLY) { if (stat.f_flag & ST_RDONLY) {
saveMountNamespace();
if (unshare(CLONE_NEWNS) == -1)
throw SysError("setting up a private mount namespace");
if (mount(0, realStoreDir.get().c_str(), "none", MS_REMOUNT | MS_BIND, 0) == -1) if (mount(0, realStoreDir.get().c_str(), "none", MS_REMOUNT | MS_BIND, 0) == -1)
throw SysError("remounting %1% writable", realStoreDir); throw SysError("remounting %1% writable", realStoreDir);
} }


@ -255,6 +255,14 @@ void mainWrapped(int argc, char * * argv)
initNix(); initNix();
initGC(); initGC();
#if __linux__
if (getuid() == 0) {
saveMountNamespace();
if (unshare(CLONE_NEWNS) == -1)
throw SysError("setting up a private mount namespace");
}
#endif
programPath = argv[0]; programPath = argv[0];
auto programName = std::string(baseNameOf(programPath)); auto programName = std::string(baseNameOf(programPath));
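Review bot: The added block in mainWrapped() throws `SysError("setting up a private mount namespace")` whenever `unshare(CLONE_NEWNS)` fails for a uid-0 process. Every root invocation now aborts where that call is denied (for instance root without CAP_SYS_ADMIN, or a seccomp-filtered container), even if the store is not read-only and no remount is needed; previously the call sat inside the `ST_RDONLY` branch of LocalStore::makeStoreWritable(). The remount left in makeStoreWritable() now depends on this entry point having run first. Any caller that opens a LocalStore as root without going through mainWrapped() (not visible on this page) would perform the `MS_REMOUNT | MS_BIND` in the shared mount namespace and leave the store writable for the whole system. I would record whether the unshare succeeded and have makeStoreWritable() refuse to remount when it did not, and add a comment here such as `// LocalStore::makeStoreWritable() relies on this private mount namespace`. mainWrapped()'s body continues outside the hunk.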