From a32ff2573ba4d0df4e3360c5a96398738da953f6 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Thu, 15 Nov 2018 12:59:54 +0100
Subject: [PATCH] Fix 'Read-only file system' when building a derivation

---
 src/libstore/build.cc | 2 ++
 src/libutil/util.cc   | 3 ++-
 src/libutil/util.hh   | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 676ad5856..9c408e29c 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2193,6 +2193,7 @@ void DerivationGoal::startBuilder()
         userNamespaceSync.create();
 
         options.allowVfork = false;
+        options.restoreMountNamespace = false;
 
         Pid helper = startProcess([&]() {
 
@@ -2259,6 +2260,7 @@ void DerivationGoal::startBuilder()
 #endif
     {
         options.allowVfork = !buildUser && !drv->isBuiltin();
+        options.restoreMountNamespace = false;
         pid = startProcess([&]() {
             runChild();
         }, options);
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index 6e4536e6e..e12c4b258 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -936,7 +936,8 @@ pid_t startProcess(std::function<void()> fun, const ProcessOptions & options)
                 throw SysError("setting death signal");
 #endif
             restoreAffinity();
-            restoreMountNamespace();
+            if (options.restoreMountNamespace)
+                restoreMountNamespace();
             fun();
         } catch (std::exception & e) {
             try {
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index 2689cbd8b..d67bddc13 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -250,6 +250,7 @@ struct ProcessOptions
     bool dieWithParent = true;
     bool runExitHandlers = false;
     bool allowVfork = true;
+    bool restoreMountNamespace = true;
 };
 
 pid_t startProcess(std::function<void()> fun, const ProcessOptions & options = ProcessOptions());