local-derivation-goal.cc: warn if failing and /proc/self/ns/user missing
This commit causes nix to `warn()` if sandbox setup has failed and `/proc/self/ns/user` does not exist. This is usually a sign that the kernel was compiled without `CONFIG_USER_NS=y`, which is required for sandboxing.
This commit is contained in:
parent
90830b1074
commit
8d35f387dc
|
@ -861,6 +861,9 @@ void LocalDerivationGoal::startBuilder()
|
||||||
_exit(1);
|
_exit(1);
|
||||||
if (!userNamespacesEnabled && errno==EPERM)
|
if (!userNamespacesEnabled && errno==EPERM)
|
||||||
warn("user namespaces appear to be disabled; they are required for sandboxing; check /proc/sys/user/max_user_namespaces");
|
warn("user namespaces appear to be disabled; they are required for sandboxing; check /proc/sys/user/max_user_namespaces");
|
||||||
|
Path procSelfNsUser = "/proc/self/ns/user";
|
||||||
|
if (!pathExists(procSelfNsUser))
|
||||||
|
warn("/proc/self/ns/user does not exist; your kernel was likely built without CONFIG_USER_NS=y, which is required for sandboxing");
|
||||||
/* Mention sandbox-fallback in the error message so the user
|
/* Mention sandbox-fallback in the error message so the user
|
||||||
knows that having it disabled contributed to the
|
knows that having it disabled contributed to the
|
||||||
unrecoverability of this failure */
|
unrecoverability of this failure */
|
||||||
|
|
Loading…
Reference in a new issue