Merge pull request #1139 from Mic92/master
Simplify remouting with MS_PRIVATE in sandbox build
commit
7adb986e35
1 changed files with 2 additions and 6 deletions
|
@ -2295,12 +2295,8 @@ void DerivationGoal::runChild()
|
||||||
outside of the namespace. Making a subtree private is
|
outside of the namespace. Making a subtree private is
|
||||||
local to the namespace, though, so setting MS_PRIVATE
|
local to the namespace, though, so setting MS_PRIVATE
|
||||||
does not affect the outside world. */
|
does not affect the outside world. */
|
||||||
Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n");
|
if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
|
||||||
for (auto & i : mounts) {
|
throw SysError("unable to make ‘/’ private mount");
|
||||||
vector<string> fields = tokenizeString<vector<string> >(i, " ");
|
|
||||||
string fs = decodeOctalEscaped(fields.at(4));
|
|
||||||
if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
|
|
||||||
throw SysError(format("unable to make filesystem ‘%1%’ private") % fs);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Bind-mount chroot directory to itself, to treat it as a
|
/* Bind-mount chroot directory to itself, to treat it as a
|
||||||
|
|
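Review bot: The new `mount(0, "/", 0, MS_REC|MS_PRIVATE, 0)` call has no comment stating that `MS_REC` is what now makes every mount below the root private, a job the removed loop over `/proc/self/mountinfo` did one mount at a time. The retained comment above it still speaks of "a subtree", so I would extend it with `MS_REC applies this to every mount under ‘/’; this must stay ahead of the chroot bind mounts below so that none of them propagates to the host.` That ordering is the property the sandbox depends on, and a later reordering of this block would break it without any build failure. The call presumably runs inside a mount namespace that was unshared earlier; that part of `runChild()` lies outside the hunk, as do the start and end of the function.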