Unshare mount namespace in main()
Doing it as a side-effect of calling LocalStore::makeStoreWritable() is very ugly. Also, make sure that stopping the progress bar joins the update thread, otherwise that thread should be unshared as well.
parent
7a71621b7c
commit
ff2af4d64e
|
@ -103,10 +103,10 @@ public:
|
||||||
~ProgressBar()
|
~ProgressBar()
|
||||||
{
|
{
|
||||||
stop();
|
stop();
|
||||||
updateThread.join();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void stop() override
|
void stop() override
|
||||||
|
{
|
||||||
{
|
{
|
||||||
auto state(state_.lock());
|
auto state(state_.lock());
|
||||||
if (!state->active) return;
|
if (!state->active) return;
|
||||||
|
@ -115,6 +115,8 @@ public:
|
||||||
updateCV.notify_one();
|
updateCV.notify_one();
|
||||||
quitCV.notify_one();
|
quitCV.notify_one();
|
||||||
}
|
}
|
||||||
|
updateThread.join();
|
||||||
|
}
|
||||||
|
|
||||||
bool isVerbose() override {
|
bool isVerbose() override {
|
||||||
return printBuildLogs;
|
return printBuildLogs;
|
||||||
|
|
|
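Review bot: Nothing in `stop()` explains why the new inner scope is there: it appears to exist only so the `state_` lock is released before `updateThread.join()`, and a later cleanup that removes the braces would join while still holding a lock the update thread presumably needs in order to notice the stop and exit. I would add a comment above the inner block such as `// Drop the state lock before joining; the update thread must be able to take it to see !active and exit.` The early `return` on `!state->active` also means a second caller racing with the first can return before the thread has actually been joined, which is worth stating in the same comment if callers rely on "stopped" meaning "no update thread left". Part of `stop()` lies between the two hunks and is not visible here.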
@ -504,10 +504,6 @@ void LocalStore::makeStoreWritable()
|
||||||
throw SysError("getting info about the Nix store mount point");
|
throw SysError("getting info about the Nix store mount point");
|
||||||
|
|
||||||
if (stat.f_flag & ST_RDONLY) {
|
if (stat.f_flag & ST_RDONLY) {
|
||||||
saveMountNamespace();
|
|
||||||
if (unshare(CLONE_NEWNS) == -1)
|
|
||||||
throw SysError("setting up a private mount namespace");
|
|
||||||
|
|
||||||
if (mount(0, realStoreDir.get().c_str(), "none", MS_REMOUNT | MS_BIND, 0) == -1)
|
if (mount(0, realStoreDir.get().c_str(), "none", MS_REMOUNT | MS_BIND, 0) == -1)
|
||||||
throw SysError("remounting %1% writable", realStoreDir);
|
throw SysError("remounting %1% writable", realStoreDir);
|
||||||
}
|
}
|
||||||
|
|
|
@ -255,6 +255,14 @@ void mainWrapped(int argc, char * * argv)
|
||||||
initNix();
|
initNix();
|
||||||
initGC();
|
initGC();
|
||||||
|
|
||||||
|
#if __linux__
|
||||||
|
if (getuid() == 0) {
|
||||||
|
saveMountNamespace();
|
||||||
|
if (unshare(CLONE_NEWNS) == -1)
|
||||||
|
throw SysError("setting up a private mount namespace");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
programPath = argv[0];
|
programPath = argv[0];
|
||||||
auto programName = std::string(baseNameOf(programPath));
|
auto programName = std::string(baseNameOf(programPath));
|
||||||
|
|
||||||
|
|
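Review bot: With the unshare moved into this block, `LocalStore::makeStoreWritable()` remounts the store read-write in whatever mount namespace its caller is in, so a root program that uses LocalStore without passing through `mainWrapped()` would, as far as this page shows, do the remount outside a private namespace. The added block should state that contract, e.g. `// Must run before any thread is created and before LocalStore::makeStoreWritable(), which relies on this private mount namespace.` Separately, the `throw` now makes every root invocation fail when `unshare(CLONE_NEWNS)` is not permitted (for instance in a container without CAP_SYS_ADMIN), where previously only a read-only store reached that path; consider recording the failure here and letting `makeStoreWritable()` refuse and report it when a remount is actually needed. `mainWrapped()`'s body continues outside the hunk.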