Yorick van Pelt fcb8af550f
Restore parent mount namespace in restoreProcessContext
This ensures any started processes can't write to /nix/store (except
during builds). This partially reverts 01d07b1e, which happened because
of #2646.

The problem was only happening after nix downloads anything, causing
me to suspect the download thread. The problem turns out to be:
"A process can't join a new mount namespace if it is sharing
filesystem-related attributes with another process", in this case this
process is the curl thread.

Ideally, we might kill it before spawning the shell process, but it's
inside a static variable in the getFileTransfer() function. So
instead, stop it from sharing FS state using unshare(). A strategy
such as the one from #5057 (single-threaded chroot helper binary) is
also very much on the table.

Fixes #4337.
2021-10-15 16:25:49 +02:00
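
What "sharing filesystem-related attributes" means in practice, as an added example that is not Nix code: a CLONE_FS child (a hypothetical stand-in for the curl thread) changes directory and the parent's cwd follows, until the parent first calls unshare(CLONE_FS). The names gate, sharer and cwd_follows_sharer are made up for this illustration, and /tmp is assumed to exist.

```c
/* Added illustration; not code from Nix. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static int gate[2]; /* pipe that holds the sharer back until we are ready */
static char stack[256 * 1024] __attribute__((aligned(16))); /* child stack */

/* Hypothetical stand-in for the long-lived download thread: it shares
 * filesystem attributes (cwd, root, umask) with its creator. */
static int sharer(void *arg) {
    char c;
    (void)arg;
    close(gate[1]);
    if (read(gate[0], &c, 1) != 1) return 1;
    return chdir("/") != 0;
}

/* Returns 1 if the sharer's chdir("/") also moved our cwd (state shared),
 * 0 if our cwd was unaffected, or -errno on failure. */
int cwd_follows_sharer(int detach_first) {
    char cwd[4096];
    int rc = 0;
    pid_t pid;

    if (chdir("/tmp") != 0 || pipe(gate) != 0) return -errno;
    pid = clone(sharer, stack + sizeof stack, CLONE_FS | SIGCHLD, NULL);
    if (pid < 0) rc = -errno;
    /* The approach from the commit message: take a private copy of fs state. */
    else if (detach_first && unshare(CLONE_FS) != 0) rc = -errno;
    if (write(gate[1], "x", 1) != 1 && rc == 0) rc = -errno;
    close(gate[0]); close(gate[1]);
    if (pid > 0) waitpid(pid, NULL, 0);
    if (rc == 0 && !getcwd(cwd, sizeof cwd)) rc = -errno;
    return rc ? rc : strcmp(cwd, "/") == 0;
}

int main(void) {
    printf("shared fs state: cwd follows sharer = %d\n", cwd_follows_sharer(0));
    printf("after unshare(): cwd follows sharer = %d\n", cwd_follows_sharer(1));
    return 0;
}
```

A private fs state is the precondition setns(2) checks before joining a mount namespace; the setns call itself needs CAP_SYS_ADMIN and is left out here.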
.github Bump cachix/install-nix-action from 13 to 14 2021-09-14 12:57:56 +00:00
config Run autoupdate 2021-06-01 11:42:38 +02:00
contrib function-trace: always show the trace 2019-09-18 23:23:21 +02:00
doc/manual Update release notes 2021-10-13 11:39:54 +02:00
m4 autoconf: Fix C++17 detection not working on Ubuntu 16.04. 2019-07-03 04:32:25 +02:00
maintainers Update release script 2021-10-08 15:01:03 +02:00
misc Merge pull request #4935 from alyssais/host_os 2021-07-08 12:40:54 +02:00
mk mk/libraries.mk: fix trace-ld and trace-ar expansions 2021-10-08 22:59:42 +01:00
nix-rust Apply OS checks to host platform, not build 2021-06-23 15:00:36 +00:00
perl Expose a perl method to query a derivation 2021-07-30 11:55:14 +02:00
scripts darwin-install: fix incorrect fn name 2021-10-12 18:17:27 -05:00
src Restore parent mount namespace in restoreProcessContext 2021-10-15 16:25:49 +02:00
tests Disable the eval-store test when using the daemon 2021-10-15 14:15:43 +02:00
.dir-locals.el .dir-locals.el: Set c-block-comment-prefix 2020-07-10 11:21:06 +02:00
.editorconfig Add .editorconfig 2017-06-05 22:57:28 +01:00
.gitignore gitignore the libstore-tests executable 2021-10-08 10:12:27 +02:00
.version Bump version to 2.5 2021-10-07 17:39:30 +02:00
boehmgc-coroutine-sp-fallback.diff boehmgc: Remove unused code from patch 2021-06-25 17:45:48 +02:00
bootstrap.sh bootstrap: Simplify & make more robust. 2011-09-06 12:11:05 +00:00
configure.ac configure: explicit dependency on lowdown library 2021-09-14 07:54:37 +02:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
default.nix Simplify shell.nix and default.nix 2020-06-17 19:21:46 +02:00
flake.lock flake.lock: Update 2021-10-06 12:41:23 +02:00
flake.nix Adds a test for nss preload mechanism 2021-10-07 17:25:41 +00:00
local.mk Remove 'dist' target 2020-12-03 16:17:58 +01:00
Makefile Add a test for RefScanSink and clean up the code 2021-10-04 14:29:42 +02:00
Makefile.config.in Apply OS checks to host platform, not build 2021-06-23 15:00:36 +00:00
precompiled-headers.h Config: Use nlohmann/json 2020-08-20 11:02:16 +02:00
README.md throw freenode down the memory hole 2021-05-27 21:48:39 +02:00
shell.nix Add back flake-compat shell.nix 2020-07-17 14:58:59 +00:00

Nix


Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.

Installation

On Linux and macOS the easiest way to install Nix is to run the following shell command (as a user other than root):

$ curl -L https://nixos.org/nix/install | sh

Information on additional installation methods is available on the Nix download page.

Building And Developing

See the Hacking guide in our manual for instructions on how to build Nix from source with nix-build or how to get a development environment.

Additional Resources

License

Nix is released under the LGPL v2.1.