forked from lix-project/lix
as requested by @thufschmitt https://github.com/NixOS/nix/pull/6814#discussion_r924275777
This commit is contained in:
parent
5f51539f88
commit
99fcc91f67
1 changed files with 5 additions and 5 deletions
|
@ -855,11 +855,6 @@ void LocalDerivationGoal::startBuilder()
|
||||||
switch(errno) {
|
switch(errno) {
|
||||||
case EPERM:
|
case EPERM:
|
||||||
case EINVAL: {
|
case EINVAL: {
|
||||||
/* Otherwise exit with EPERM so we can handle this in the
|
|
||||||
parent. This is only done when sandbox-fallback is set
|
|
||||||
to true (the default). */
|
|
||||||
if (settings.sandboxFallback)
|
|
||||||
_exit(1);
|
|
||||||
if (!userNamespacesEnabled && errno==EPERM)
|
if (!userNamespacesEnabled && errno==EPERM)
|
||||||
notice("user namespaces appear to be disabled; they are required for sandboxing; check /proc/sys/user/max_user_namespaces");
|
notice("user namespaces appear to be disabled; they are required for sandboxing; check /proc/sys/user/max_user_namespaces");
|
||||||
if (userNamespacesEnabled) {
|
if (userNamespacesEnabled) {
|
||||||
|
@ -872,6 +867,11 @@ void LocalDerivationGoal::startBuilder()
|
||||||
Path procSelfNsUser = "/proc/self/ns/user";
|
Path procSelfNsUser = "/proc/self/ns/user";
|
||||||
if (!pathExists(procSelfNsUser))
|
if (!pathExists(procSelfNsUser))
|
||||||
notice("/proc/self/ns/user does not exist; your kernel was likely built without CONFIG_USER_NS=y, which is required for sandboxing");
|
notice("/proc/self/ns/user does not exist; your kernel was likely built without CONFIG_USER_NS=y, which is required for sandboxing");
|
||||||
|
/* Otherwise exit with EPERM so we can handle this in the
|
||||||
|
parent. This is only done when sandbox-fallback is set
|
||||||
|
to true (the default). */
|
||||||
|
if (settings.sandboxFallback)
|
||||||
|
_exit(1);
|
||||||
/* Mention sandbox-fallback in the error message so the user
|
/* Mention sandbox-fallback in the error message so the user
|
||||||
knows that having it disabled contributed to the
|
knows that having it disabled contributed to the
|
||||||
unrecoverability of this failure */
|
unrecoverability of this failure */
|
||||||
|
|
Loading…
Reference in a new issue