lix/src
Yorick fcb8af550f
Restore parent mount namespace in restoreProcessContext
This ensures any started processes can't write to /nix/store (except
during builds). This partially reverts 01d07b1e, which happened because
of #2646.

The problem was only happening after nix downloads anything, causing
me to suspect the download thread. The problem turns out to be:
"A process can't join a new mount namespace if it is sharing
filesystem-related attributes with another process", in this case this
process is the curl thread.

Ideally, we might kill it before spawning the shell process, but it's
inside a static variable in the getFileTransfer() function. So
instead, stop it from sharing FS state using unshare(). A strategy
such as the one from #5057 (single-threaded chroot helper binary) is
also very much on the table.

Fixes #4337.
2021-10-15 16:25:49 +02:00
..
build-remote copyPaths: Pass store by reference 2021-07-22 09:59:51 +02:00
cpptoml Revert the enum struct change 2020-06-18 22:11:26 +00:00
libcmd std::visit by reference 2021-09-30 21:35:09 +00:00
libexpr add pos to EvalState::forceValue 2021-10-14 23:23:05 -05:00
libfetchers Explicitly set initial branch name for git 2021-09-24 22:09:49 +08:00
libmain Merge pull request #5224 from baloo/baloo/5089/force-nss_dns-load 2021-09-09 10:37:41 +02:00
libstore Restore parent mount namespace in restoreProcessContext 2021-10-15 16:25:49 +02:00
libutil Restore parent mount namespace in restoreProcessContext 2021-10-15 16:25:49 +02:00
nix Merge pull request #5362 from Artturin/nixunpack 2021-10-13 11:39:08 +02:00
nix-build nix-shell --pure: Let it work for any derivation 2021-08-06 15:30:49 -07:00
nix-channel Initialize plugins after handling initial command line flags 2021-02-24 08:22:17 -05:00
nix-collect-garbage Initialize plugins after handling initial command line flags 2021-02-24 08:22:17 -05:00
nix-copy-closure copyPaths: Pass store by reference 2021-07-22 09:59:51 +02:00
nix-env Fix quotes 2021-09-14 19:48:16 +02:00
nix-instantiate nix-instantiate: Fix --eval-store 2021-07-27 11:16:47 +02:00
nix-store nix-store --serve: pass on settings.keepFailed from SSH store 2021-08-31 13:11:46 +02:00
nlohmann nlohmann_json: Update to 3.9.1, fix use of internal copy 2021-07-15 12:25:53 +02:00
resolve-system-dependencies Apply OS checks to host platform, not build 2021-06-23 15:00:36 +00:00