forked from lix-project/lix
* Put the chroots under /nix/var/nix/chroots to reduce the risk of
disasters involving `rm -rf' on bind mounts. Will try the definitive fix (per-process mounts, apparently possible via the CLONE_NEWNS flag in clone()) some other time.
This commit is contained in:
parent
c98ea254dc
commit
709b55ee02
|
@ -138,6 +138,7 @@ static void initAndRun(int argc, char * * argv)
|
||||||
nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR));
|
nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR));
|
||||||
nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR));
|
nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR));
|
||||||
nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR));
|
nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR));
|
||||||
|
nixChrootsDir = canonPath(getEnv("NIX_CHROOTS_DIR", nixStateDir + "/chroots"));
|
||||||
|
|
||||||
string subs = getEnv("NIX_SUBSTITUTERS", "default");
|
string subs = getEnv("NIX_SUBSTITUTERS", "default");
|
||||||
if (subs == "default") {
|
if (subs == "default") {
|
||||||
|
|
|
@ -1710,16 +1710,13 @@ void DerivationGoal::startBuilder()
|
||||||
/* Create a temporary directory in which we set up the chroot
|
/* Create a temporary directory in which we set up the chroot
|
||||||
environment using bind-mounts.
|
environment using bind-mounts.
|
||||||
|
|
||||||
!!! Big danger here: since we're doing this in /tmp, there
|
!!! Bind mounts are potentially dangerous: if the user
|
||||||
is a risk that the admin does something like "rm -rf
|
cleans up his system by doing "rm -rf
|
||||||
/tmp/chroot-nix-*" to clean up aborted builds, and if some
|
/nix/var/nix/chroots/*", this will recurse into /nix/store
|
||||||
of the bind-mounts are still active, then "rm -rf" will
|
via the bind mounts (and potentially other parts of the
|
||||||
happily recurse into those mount points (thereby deleting,
|
filesystem, depending on the setting of the
|
||||||
say, /nix/store). Ideally, chrootRootDir should be created in
|
`build-chroot-dirs' option). */
|
||||||
some special location (maybe in /nix/var/nix) where Nix
|
chrootRootDir = createTempDir(nixChrootsDir, "chroot-nix");
|
||||||
takes care of unmounting / deleting old chroots
|
|
||||||
automatically. */
|
|
||||||
chrootRootDir = createTempDir("", "chroot-nix");
|
|
||||||
|
|
||||||
/* Clean up the chroot directory automatically, but don't
|
/* Clean up the chroot directory automatically, but don't
|
||||||
recurse; that would be very very bad if the unmount of a
|
recurse; that would be very very bad if the unmount of a
|
||||||
|
|
|
@ -16,6 +16,7 @@ string nixDBPath = "/UNINIT";
|
||||||
string nixConfDir = "/UNINIT";
|
string nixConfDir = "/UNINIT";
|
||||||
string nixLibexecDir = "/UNINIT";
|
string nixLibexecDir = "/UNINIT";
|
||||||
string nixBinDir = "/UNINIT";
|
string nixBinDir = "/UNINIT";
|
||||||
|
string nixChrootsDir = "/UNINIT";
|
||||||
|
|
||||||
bool keepFailed = false;
|
bool keepFailed = false;
|
||||||
bool keepGoing = false;
|
bool keepGoing = false;
|
||||||
|
|
|
@ -35,6 +35,12 @@ extern string nixLibexecDir;
|
||||||
/* nixBinDir is the directory where the main programs are stored. */
|
/* nixBinDir is the directory where the main programs are stored. */
|
||||||
extern string nixBinDir;
|
extern string nixBinDir;
|
||||||
|
|
||||||
|
/* nixChrootsDir is the directory where we create chroot environments
|
||||||
|
(when chroot builds are enabled). We don't put these under /tmp to
|
||||||
|
prevent "rm -rf /tmp" from recursing into /nix/store via the bind
|
||||||
|
mounts in the chroots. */
|
||||||
|
extern string nixChrootsDir;
|
||||||
|
|
||||||
|
|
||||||
/* Misc. global flags. */
|
/* Misc. global flags. */
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue