nix-super/src/libutil
Yorick van Pelt fcb8af550f
Restore parent mount namespace in restoreProcessContext
This ensures any started processes can't write to /nix/store (except
during builds). This partially reverts 01d07b1e, which happened because
of #2646.

The problem was only happening after nix downloads anything, causing
me to suspect the download thread. The problem turns out to be:
"A process can't join a new mount namespace if it is sharing
filesystem-related attributes with another process", in this case this
process is the curl thread.

Ideally, we might kill it before spawning the shell process, but it's
inside a static variable in the getFileTransfer() function. So
instead, stop it from sharing FS state using unshare(). A strategy
such as the one from #5057 (single-threaded chroot helper binary) is
also very much on the table.

Fixes #4337.
2021-10-15 16:25:49 +02:00
tests ANSI_YELLOW -> ANSI_WARNING 2021-09-14 10:42:29 +02:00
abstract-setting-to-json.hh abstractsettingtojson.hh -> abstract-setting-to-json.hh 2020-09-21 18:49:43 +02:00
affinity.cc affinity operator<< 2020-05-04 14:44:00 -06:00
affinity.hh Run the daemon worker on the same CPU as the client 2013-08-07 14:02:04 +02:00
ansicolor.hh Change warnings from yellow to magenta 2021-09-14 10:42:29 +02:00
archive.cc fix creation of NAR files >4GB on 32-bit platforms 2021-10-02 21:04:01 +00:00
archive.hh Add forgotten override annotation 2020-12-02 14:23:38 +01:00
args.cc nix --help: Display help using lowdown instead of man 2021-09-13 14:45:21 +02:00
args.hh Add "nix profile rollback" command 2021-09-14 19:32:33 +02:00
callback.hh Move Callback into its own header 2020-09-21 18:42:21 +02:00
closure.hh Extract a generic computeClosure function 2021-05-19 11:44:58 +02:00
comparator.hh Recursively substitute the realisations 2021-05-26 18:44:17 +02:00
compression.cc Style tweaks 2021-10-13 11:00:10 +02:00
compression.hh Add compression level for NARs 2021-10-12 02:14:36 -04:00
compute-levels.cc Add x86_64 compute levels as additional system types 2021-02-22 09:11:15 +01:00
compute-levels.hh Add x86_64 compute levels as additional system types 2021-02-22 09:11:15 +01:00
config.cc Make setDefault() typed 2021-09-22 14:15:35 +02:00
config.hh Make setDefault() typed 2021-09-22 14:15:35 +02:00
error.cc ANSI_YELLOW -> ANSI_WARNING 2021-09-14 10:42:29 +02:00
error.hh Improve error formatting 2021-01-21 11:02:09 +01:00
finally.hh Add missing #include 2016-11-07 14:35:47 +01:00
fmt.hh ANSI_YELLOW -> ANSI_WARNING 2021-09-14 10:42:29 +02:00
hash.cc Sink: Use std::string_view 2020-12-02 14:17:27 +01:00
hash.hh Sink: Use std::string_view 2020-12-02 14:17:27 +01:00
json.cc Fix build 2020-07-30 15:27:28 +02:00
json.hh Make std::uncaught_exception warning less noisy 2019-10-09 23:04:11 +02:00
local.mk Don't overwrite user provided lib*_LDFLAGS 2021-08-25 08:59:19 -07:00
logging.cc ANSI_YELLOW -> ANSI_WARNING 2021-09-14 10:42:29 +02:00
logging.hh Add lvlNotice log level 2020-12-10 16:41:24 +01:00
lru-cache.hh Missing #include <cassert> in lru-cache.hh (#3654) 2020-06-03 10:15:22 +00:00
monitor-fd.hh monitor-fds: Fix on macOS. 2018-02-14 18:26:37 -05:00
pool.hh RemoteStore: Close connection if an exception occurs 2018-10-16 23:36:15 +02:00
ref.hh fix build with gcc11 2021-10-13 18:03:33 +00:00
rust-ffi.cc StorePath: Rewrite in C++ 2020-06-16 14:28:41 +02:00
rust-ffi.hh StorePath: Rewrite in C++ 2020-06-16 14:28:41 +02:00
serialise.cc Fix clang warning 2021-09-14 08:15:33 +02:00
serialise.hh Use libarchive for all compression 2021-03-10 22:34:29 +01:00
split.hh Typo 2020-09-17 20:21:04 +02:00
sync.hh sync.hh: return cv_status instead of dropping it, in case useful. 2018-06-18 17:31:00 -05:00
tarfile.cc TarArchive: Small refactoring 2021-08-30 17:02:51 +02:00
tarfile.hh TarArchive: Small refactoring 2021-08-30 17:02:51 +02:00
thread-pool.cc Fix a hang in ThreadPool 2017-10-09 15:41:09 +02:00
thread-pool.hh Fix extra ; warnings involving MakeError 2019-11-10 11:24:47 -05:00
topo-sort.hh Add missing #pragma once 2020-10-06 10:40:07 +02:00
types.hh Move Explicit 2020-10-26 17:01:20 +01:00
url-parts.hh Fix Nix to properly work with stores using a scoped IPv6 address 2021-03-16 19:14:42 +01:00
url.cc Prefer to throw specific errors 2021-07-01 11:09:31 -07:00
url.hh Don't include <regex> in header files 2020-09-21 18:22:45 +02:00
util.cc Restore parent mount namespace in restoreProcessContext 2021-10-15 16:25:49 +02:00
util.hh Restore parent mount namespace in restoreProcessContext 2021-10-15 16:25:49 +02:00
xml-writer.cc Cleanup 2019-11-06 16:53:02 +01:00
xml-writer.hh Fix some random -Wconversion warnings 2018-05-02 13:56:34 +02:00