Fix namespace warning being emitted if sandbox is disabled

If useChroot = false, and user namespaces aren't available for some
reason (e.g. within a Docker container), this fixes a pointless warning
being emitted, as we would never attempt to use them even if they were
available.

Change-Id: Ibcee91c088edd2cd19e70218d5a5802bff8f537b
This commit is contained in:
Winter Cute 2024-07-19 14:36:10 -04:00
parent aba5f19680
commit 3da41fdb82

View file

@ -221,12 +221,12 @@ void LocalDerivationGoal::tryLocalBuild()
}
#if __linux__
if (useChroot) {
// FIXME: should user namespaces being unsupported also require
// sandbox-fallback to be allowed? I don't think so, since they aren't a
// huge security win to have enabled.
usingUserNamespace = userNamespacesSupported();
if (useChroot) {
if (!mountAndPidNamespacesSupported()) {
if (!settings.sandboxFallback)
throw Error("this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing. Pass --debug for diagnostics on what is broken.");