aszlig 435848cef1 libutil: Fix restoring mount namespace
I regularly pass around simple scripts by using nix-shell as the script
interpreter, e.g. like this:

    #!/usr/bin/env nix-shell
    #!nix-shell -p dd_rescue coreutils bash -i bash

While this works most of the time, I recently had one occasion where it
would not and the above would result in the following:

    $ sudo ./myscript.sh
    bash: ./myscript.sh: No such file or directory

Note the "sudo" here, because this error only occurs if we're root.

The reason for the latter is because running Nix as root means that we
can directly access the store, which makes sure we use a filesystem
namespace to make the store writable. XXX - REWORD!

So when stracing the process, I stumbled on the following sequence:

    openat(AT_FDCWD, "/proc/self/ns/mnt", O_RDONLY) = 3
    unshare(CLONE_NEWNS)                            = 0
    ... later ...
    getcwd("/the/real/cwd", 4096)                   = 14
    setns(3, CLONE_NEWNS)                           = 0
    getcwd("/", 4096)                               = 2

In the whole strace output there are no calls to chdir() whatsoever, so
I decided to look into the kernel source to see what else could change
directories and found this[1]:

    /* Update the pwd and root */
    set_fs_pwd(fs, &root);
    set_fs_root(fs, &root);

The set_fs_pwd() call is roughly equivalent to a chdir() syscall and
this is called when the setns() syscall is invoked[2].

[1]: b14ffae378/fs/namespace.c (L4659)
[2]: b14ffae378/kernel/nsproxy.c (L346)
2022-04-01 09:30:52 -07:00
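
The behaviour traced in the commit message above, as an added C example (not code from this commit or from Nix): because `setns()` into a mount namespace resets the working directory to that namespace's root, the caller records the cwd first and changes back afterwards. The names `setns_mnt_keep_cwd` and `demo_roundtrip` are hypothetical, and the round trip assumes a single-threaded process running as root.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <sched.h>
#include <string.h>
#include <unistd.h>

#ifndef CLONE_NEWNS            /* _GNU_SOURCE was defined too late by an includer */
#define CLONE_NEWNS 0x00020000
int setns(int fd, int nstype);
int unshare(int flags);
#endif

/* Hypothetical helper: enter the mount namespace behind ns_fd without losing
 * the working directory. setns() resets pwd and root to the namespace root,
 * so record the cwd path first and chdir() back afterwards. The path is
 * re-resolved in the target namespace, so it must exist there.
 * Returns 0 on success, -1 with errno set. */
int setns_mnt_keep_cwd(int ns_fd)
{
    char saved[PATH_MAX];

    if (getcwd(saved, sizeof saved) == NULL)
        return -1;
    if (setns(ns_fd, CLONE_NEWNS) == -1)
        return -1;              /* nothing changed, cwd is still intact */
    return chdir(saved);        /* undo the implicit move to "/" */
}

/* Replays the traced sequence. Returns 1 if cwd survived the round trip,
 * 0 if it did not, -1 if the namespace calls failed (e.g. not root). */
int demo_roundtrip(void)
{
    char before[PATH_MAX], after[PATH_MAX];
    int ok, ns_fd = open("/proc/self/ns/mnt", O_RDONLY | O_CLOEXEC);

    if (ns_fd == -1)
        return -1;
    ok = unshare(CLONE_NEWNS) == 0
        && getcwd(before, sizeof before) != NULL
        && setns_mnt_keep_cwd(ns_fd) == 0
        && getcwd(after, sizeof after) != NULL;
    close(ns_fd);
    return ok ? strcmp(before, after) == 0 : -1;
}

int main(void) { return demo_roundtrip() == 1 ? 0 : 1; }
```

Calling plain `setns(ns_fd, CLONE_NEWNS)` in place of the helper reproduces the `getcwd("/")` result from the trace, which is why a relative script path such as `./myscript.sh` stops resolving.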
.github Use the nix command (and flakes) in the CI 2022-01-26 16:41:37 +01:00
config Run autoupdate 2021-06-01 11:42:38 +02:00
contrib function-trace: always show the trace 2019-09-18 23:23:21 +02:00
doc/manual Update release notes 2022-03-31 17:33:06 +02:00
m4 autoconf: Fix C++17 detection not working on Ubuntu 16.04. 2019-07-03 04:32:25 +02:00
maintainers Integrate push-docker.sh into the release script 2022-02-18 13:58:01 +01:00
misc nix-daemon.service: require mounts for /nix/var/nix/db 2022-03-29 21:05:57 -04:00
mk mk/run_test.sh: Add missing backslash 2022-03-02 21:36:46 +01:00
perl Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
scripts scripts/install-systemd-multi-user.sh: fix another typo 2022-03-31 22:14:53 +03:00
src libutil: Fix restoring mount namespace 2022-04-01 09:30:52 -07:00
tests Fix handling of outputHash when outputHashAlgo is not specified 2022-04-01 12:40:49 +02:00
.dir-locals.el .dir-locals.el: Set c-block-comment-prefix 2020-07-10 11:21:06 +02:00
.editorconfig Add .editorconfig 2017-06-05 22:57:28 +01:00
.gitignore Gitignore the generated systemd nix-daemon conf file 2022-03-30 11:43:08 +02:00
.version Bump version 2022-03-07 20:12:35 +01:00
boehmgc-coroutine-sp-fallback.diff Fix leaking pthread_attr_t 2021-11-03 22:54:16 +01:00
bootstrap.sh bootstrap: Simplify & make more robust. 2011-09-06 12:11:05 +00:00
configure.ac Require lowdown 0.9.0 2022-02-01 10:44:19 +01:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
default.nix Remove url literals 2022-01-24 13:28:21 +01:00
docker.nix docker: var/tmp make add -p option to mkdir to also create parent dirs 2022-01-15 14:11:37 +01:00
flake.lock Add regression / performance tests against a fixed revision of Nixpkgs 2022-01-25 00:07:30 +01:00
flake.nix add sourcehut integration test 2022-02-23 11:58:09 -03:00
local.mk Remove 'dist' target 2020-12-03 16:17:58 +01:00
Makefile Stop vendoring nlohmann_json 2022-01-26 11:50:53 +01:00
Makefile.config.in use LOWDOWN_LIBS variable 2022-01-30 20:59:58 +02:00
precompiled-headers.h Config: Use nlohmann/json 2020-08-20 11:02:16 +02:00
README.md throw freenode down the memory hole 2021-05-27 21:48:39 +02:00
shell.nix Remove url literals 2022-01-24 13:28:21 +01:00

Nix

Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.

Installation

On Linux and macOS the easiest way to install Nix is to run the following shell command (as a user other than root):

    $ curl -L https://nixos.org/nix/install | sh

Information on additional installation methods is available on the Nix download page.

Building And Developing

See the Hacking guide in our manual for instructions on how to build Nix from source with nix-build or how to get a development environment.

Additional Resources

License

Nix is released under the LGPL v2.1.