Merge pull request #1139 from Mic92/master

Simplify remounting with MS_PRIVATE in sandbox build
Eelco Dolstra 2017-01-09 16:46:59 +01:00 committed by GitHub
commit 7adb986e35


@ -2295,12 +2295,8 @@ void DerivationGoal::runChild()
outside of the namespace. Making a subtree private is outside of the namespace. Making a subtree private is
local to the namespace, though, so setting MS_PRIVATE local to the namespace, though, so setting MS_PRIVATE
does not affect the outside world. */ does not affect the outside world. */
Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n"); if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
for (auto & i : mounts) { throw SysError("unable to make / private mount");
vector<string> fields = tokenizeString<vector<string> >(i, " ");
string fs = decodeOctalEscaped(fields.at(4));
if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
throw SysError(format("unable to make filesystem %1% private") % fs);
} }
/* Bind-mount chroot directory to itself, to treat it as a /* Bind-mount chroot directory to itself, to treat it as a