max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-09-21 00:48:04 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
nix-super/src/libutil
History
aszlig 435848cef1 libutil: Fix restoring mount namespace 
I regularly pass around simple scripts by using nix-shell as the script
interpreter, eg. like this:

    #!/usr/bin/env nix-shell
    #!nix-shell -p dd_rescue coreutils bash -i bash

While this works most of the time, I recently had one occasion where it
would not and the above would result in the following:

    $ sudo ./myscript.sh
    bash: ./myscript.sh: No such file or directory

Note the "sudo" here, because this error only occurs if we're root.

The reason for the latter is because running Nix as root means that we
can directly access the store, which makes sure we use a filesystem
namespace to make the store writable. XXX - REWORD!

So when stracing the process, I stumbled on the following sequence:

    openat(AT_FDCWD, "/proc/self/ns/mnt", O_RDONLY) = 3
    unshare(CLONE_NEWNS)                            = 0
    ... later ...
    getcwd("/the/real/cwd", 4096)                   = 14
    setns(3, CLONE_NEWNS)                           = 0
    getcwd("/", 4096)                               = 2

In the whole strace output there are no calls to chdir() whatsoever, so
I decided to look into the kernel source to see what else could change
directories and found this[1]:

    /* Update the pwd and root */
    set_fs_pwd(fs, &root);
    set_fs_root(fs, &root);

The set_fs_pwd() call is roughly equivalent to a chdir() syscall and
this is called when the setns() syscall is invoked[2].

[1]: b14ffae378/fs/namespace.c (L4659)
[2]: b14ffae378/kernel/nsproxy.c (L346)
2022-04-01 09:30:52 -07:00
..
tests Add some tests for the suggestions 2022-03-07 10:09:10 +01:00
abstract-setting-to-json.hh reproducibility: hide non-reproducible settings from manual 2021-12-01 17:25:58 +01:00
ansicolor.hh Change warnings from yellow to magenta 2021-09-14 10:42:29 +02:00
archive.cc libfetchers/path: set lastModified to path's mtime 2022-03-15 12:32:11 +01:00
archive.hh libfetchers/path: set lastModified to path's mtime 2022-03-15 12:32:11 +01:00
args.cc Implement a suggestions mechanism 2022-03-07 10:09:09 +01:00
args.hh Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
callback.hh Move Callback into its own header 2020-09-21 18:42:21 +02:00
closure.hh Extract a generic computeClosure function 2021-05-19 11:44:58 +02:00
comparator.hh Recursively substitute the realisations 2021-05-26 18:44:17 +02:00
compression.cc Get rid of std::shared_ptr<std::string> and ref<std::string> 2022-01-18 11:12:30 +01:00
compression.hh Get rid of std::shared_ptr<std::string> and ref<std::string> 2022-01-18 11:12:30 +01:00
compute-levels.cc Add x86_64 compute levels as additional system types 2021-02-22 09:11:15 +01:00
compute-levels.hh Add x86_64 compute levels as additional system types 2021-02-22 09:11:15 +01:00
config.cc Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
config.hh reproducibility: hide non-reproducible settings from manual 2021-12-01 17:25:58 +01:00
error.cc libutil: Change return value of addTrace to void 2022-03-30 18:37:32 +02:00
error.hh libutil: Change return value of addTrace to void 2022-03-30 18:37:32 +02:00
experimental-features.cc Add support for impure derivations 2022-03-31 13:43:20 +02:00
experimental-features.hh Add support for impure derivations 2022-03-31 13:43:20 +02:00
finally.hh make Finally more local 2022-03-09 00:16:50 +01:00
fmt.cc hiliteMatches(): Style fixes, pass more stuff by reference 2022-01-24 14:47:34 +01:00
fmt.hh Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
hash.cc Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
hash.hh Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
json.cc avoid ostream sentries per json string character 2022-01-07 06:53:47 +01:00
json.hh Make std::uncaught_exception warning less noisy 2019-10-09 23:04:11 +02:00
local.mk Don't overwrite user provided lib*_LDFLAGS 2021-08-25 08:59:19 -07:00
logging.cc libstore/derivation-goal: avoid double-parsing of JSON messages 2022-02-28 17:27:52 +01:00
logging.hh logging.hh: json.hpp -> json_fwd.hpp 2022-02-28 17:27:52 +01:00
lru-cache.hh Missing #include <cassert> in lru-cache.hh (#3654) 2020-06-03 10:15:22 +00:00
monitor-fd.hh monitor-fds: Fix on macOS. 2018-02-14 18:26:37 -05:00
pool.hh RemoteStore: Close connection if an exception occurs 2018-10-16 23:36:15 +02:00
ref.hh fix build with gcc11 2021-10-13 18:03:33 +00:00
serialise.cc Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
serialise.hh Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
split.hh Typo 2020-09-17 20:21:04 +02:00
suggestions.cc Implement operator<< for Suggestions 2022-03-07 10:09:10 +01:00
suggestions.hh Merge or-suggestions.hh into suggestions.hh 2022-03-07 17:49:02 +01:00
sync.hh sync.hh: return cv_status instead of dropping it, in case useful. 2018-06-18 17:31:00 -05:00
tarfile.cc Revert "TarArchive: Small refactoring" 2022-03-24 22:30:46 +01:00
tarfile.hh Revert "TarArchive: Small refactoring" 2022-03-24 22:30:46 +01:00
thread-pool.cc Remove CPU locking 2021-12-22 15:56:25 +01:00
thread-pool.hh Fix extra ; warnings involving MakeError 2019-11-10 11:24:47 -05:00
topo-sort.hh Add missing #pragma once 2020-10-06 10:40:07 +02:00
types.hh Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
url-parts.hh Fix Nix to properly work with stores using a scoped IPv6 address 2021-03-16 19:14:42 +01:00
url.cc Prefer to throw specific errors 2021-07-01 11:09:31 -07:00
url.hh Don't include <regex> in header files 2020-09-21 18:22:45 +02:00
util.cc libutil: Fix restoring mount namespace 2022-04-01 09:30:52 -07:00
util.hh Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
xml-writer.cc xml-writer: Remove std aliases 2022-02-25 16:13:02 +01:00
xml-writer.hh xml-writer: Remove std aliases 2022-02-25 16:13:02 +01:00