nix-super/src/libutil/linux/namespaces.hh

#pragma once
///@file

#include <optional>

#include "types.hh"

namespace nix {

/**
 * Save the current mount namespace. Ignored if called more than
 * once.
 */
void saveMountNamespace();

/**
 * Restore the mount namespace saved by saveMountNamespace(). Ignored
 * if saveMountNamespace() was never called.
 */
void restoreMountNamespace();

/**
 * Cause this thread to try to not share any FS attributes with the main
 * thread, because this causes setns() in restoreMountNamespace() to
 * fail.
 *
 * This is best effort -- EPERM and ENOSYS failures are just ignored.
 */
void tryUnshareFilesystem();

bool userNamespacesSupported();

bool mountAndPidNamespacesSupported();

}
Fix auto-uid-allocation in Docker containers This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13). 2023-01-25 17:31:27 +01:00			`#pragma once`
Ensure all headers have `#pragma once` and are in API docs `///@file` makes them show up in the internal API dos. A tiny few were missing `#pragma once`. 2023-03-31 23:18:41 -04:00			`///@file`
Fix auto-uid-allocation in Docker containers This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13). 2023-01-25 17:31:27 +01:00
Split up `util.{hh,cc}` All OS and IO operations should be moved out, leaving only some misc portable pure functions. This is useful to avoid copious CPP when doing things like Windows and Emscripten ports. Newly exposed functions to break cycles: - `restoreSignals` - `updateWindowSize` 2023-10-25 00:43:36 -04:00			`#include <optional>`

			`#include "types.hh"`

Fix auto-uid-allocation in Docker containers This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13). 2023-01-25 17:31:27 +01:00			`namespace nix {`

Split up `util.{hh,cc}` All OS and IO operations should be moved out, leaving only some misc portable pure functions. This is useful to avoid copious CPP when doing things like Windows and Emscripten ports. Newly exposed functions to break cycles: - `restoreSignals` - `updateWindowSize` 2023-10-25 00:43:36 -04:00			`/**`
			`* Save the current mount namespace. Ignored if called more than`
			`* once.`
			`*/`
			`void saveMountNamespace();`

			`/**`
			`* Restore the mount namespace saved by saveMountNamespace(). Ignored`
			`* if saveMountNamespace() was never called.`
			`*/`
			`void restoreMountNamespace();`

			`/**`
`tryUnshareFilesystem`: Ignore `ENOSYS` too Fixes #10747 2024-05-22 16:04:40 -04:00			`* Cause this thread to try to not share any FS attributes with the main`
Split up `util.{hh,cc}` All OS and IO operations should be moved out, leaving only some misc portable pure functions. This is useful to avoid copious CPP when doing things like Windows and Emscripten ports. Newly exposed functions to break cycles: - `restoreSignals` - `updateWindowSize` 2023-10-25 00:43:36 -04:00			`* thread, because this causes setns() in restoreMountNamespace() to`
			`* fail.`
`tryUnshareFilesystem`: Ignore `ENOSYS` too Fixes #10747 2024-05-22 16:04:40 -04:00			`*`
			`* This is best effort -- EPERM and ENOSYS failures are just ignored.`
Split up `util.{hh,cc}` All OS and IO operations should be moved out, leaving only some misc portable pure functions. This is useful to avoid copious CPP when doing things like Windows and Emscripten ports. Newly exposed functions to break cycles: - `restoreSignals` - `updateWindowSize` 2023-10-25 00:43:36 -04:00			`*/`
`tryUnshareFilesystem`: Ignore `ENOSYS` too Fixes #10747 2024-05-22 16:04:40 -04:00			`void tryUnshareFilesystem();`
Split up `util.{hh,cc}` All OS and IO operations should be moved out, leaving only some misc portable pure functions. This is useful to avoid copious CPP when doing things like Windows and Emscripten ports. Newly exposed functions to break cycles: - `restoreSignals` - `updateWindowSize` 2023-10-25 00:43:36 -04:00
Fix auto-uid-allocation in Docker containers This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13). 2023-01-25 17:31:27 +01:00			`bool userNamespacesSupported();`

Simplify the PID namespace check: just try to mount /proc Fixes #7783. 2023-02-10 14:38:14 +01:00			`bool mountAndPidNamespacesSupported();`
Check whether we can use PID namespaces In unprivileged podman containers, /proc is not fully visible (there are other filesystems mounted on subdirectories of /proc). Therefore we can't mount a new /proc in the sandbox that matches the PID namespace of the sandbox. So this commit automatically disables sandboxing if /proc is not fully visible. 2023-01-27 15:25:56 +01:00
Fix auto-uid-allocation in Docker containers This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13). 2023-01-25 17:31:27 +01:00			`}`