Merge pull request #11706 from ivan-tkatchev/fix-11704

nix shell/run: Use overlayfs
This commit is contained in:
Eelco Dolstra 2024-10-22 14:17:28 +02:00 committed by GitHub
commit eaae19403d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -167,10 +167,9 @@ void chrootHelper(int argc, char * * argv)
/* Bind-mount realStoreDir on /nix/store. If the latter mount
point doesn't already exists, we have to create a chroot
environment containing the mount point and bind mounts for the
children of /. Would be nice if we could use overlayfs here,
but that doesn't work in a user namespace yet (Ubuntu has a
patch for this:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1478578). */
children of /.
Overlayfs for user namespaces is fixed in Linux since ac519625ed
(v5.11, 14 February 2021) */
if (!pathExists(storeDir)) {
// FIXME: Use overlayfs?
@ -206,8 +205,9 @@ void chrootHelper(int argc, char * * argv)
if (chdir(cwd) == -1)
throw SysError("chdir to '%s' in chroot", cwd);
} else
if (mount(realStoreDir.c_str(), storeDir.c_str(), "", MS_BIND, 0) == -1)
throw SysError("mounting '%s' on '%s'", realStoreDir, storeDir);
if (mount("overlay", storeDir.c_str(), "overlay", MS_MGC_VAL, fmt("lowerdir=%s:%s", storeDir, realStoreDir).c_str()) == -1)
if (mount(realStoreDir.c_str(), storeDir.c_str(), "", MS_BIND, 0) == -1)
throw SysError("mounting '%s' on '%s'", realStoreDir, storeDir);
writeFile(fs::path{"/proc/self/setgroups"}, "deny");
writeFile(fs::path{"/proc/self/uid_map"}, fmt("%d %d %d", uid, uid, 1));