authorTom Hubrecht <github@mail.hubrecht.ovh>2024-05-28 16:01:11 +0200
committerTom Hubrecht <github@mail.hubrecht.ovh>2024-05-29 11:41:16 +0200
commit8b6d2d39155e88250c576571a1251769b926ee83 (patch)
tree3b9c895f87c63b879be7086cdde2773a9fe28470
parentf79ee66646f66e5117583bcf9a579b7f538ca8bb (diff)
util.{hh,cc}: Split out namespaces.{hh,cc}
Change-Id: I8fd3f3b50c15ede29d489066b4e8d99c2c4636a6
-rw-r--r--src/libstore/filetransfer.cc2
-rw-r--r--src/libutil/current-process.cc1
-rw-r--r--src/libutil/namespaces.cc66
-rw-r--r--src/libutil/namespaces.hh20
-rw-r--r--src/libutil/util.cc52
-rw-r--r--src/libutil/util.hh20
-rw-r--r--src/nix/main.cc1
7 files changed, 85 insertions, 77 deletions
diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
index 492463a61..dc656f444 100644
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@@ -1,5 +1,5 @@
#include "filetransfer.hh"
-#include "util.hh"
+#include "namespaces.hh"
#include "globals.hh"
#include "store-api.hh"
#include "s3.hh"
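Review bot: Replacing `#include "util.hh"` with `#include "namespaces.hh"` drops util.hh from this translation unit entirely rather than adding the new header next to it; if filetransfer.cc uses anything else declared in util.hh (the commit only moves the three namespace functions out of it), it now compiles only through transitive includes, which is fragile. Unless it is known that nothing else from util.hh is used here, the safer change is `#include "namespaces.hh"` added on its own line while keeping `#include "util.hh"`. The include list continues outside the hunk, so this is inferred from the visible lines only.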
diff --git a/src/libutil/current-process.cc b/src/libutil/current-process.cc
index 41f591b0c..f9a08685f 100644
--- a/src/libutil/current-process.cc
+++ b/src/libutil/current-process.cc
@@ -1,6 +1,7 @@
#include "current-process.hh"
#include "file-system.hh"
#include "logging.hh"
+#include "namespaces.hh"
#include "signals.hh"
#include "util.hh"
#include "strings.hh"
diff --git a/src/libutil/namespaces.cc b/src/libutil/namespaces.cc
index d092e6fcc..98d3cd306 100644
--- a/src/libutil/namespaces.cc
+++ b/src/libutil/namespaces.cc
@@ -1,5 +1,4 @@
-#if __linux__
-
+#include "file-descriptor.hh"
#include "file-system.hh"
#include "logging.hh"
#include "namespaces.hh"
@@ -8,8 +7,67 @@
#include <sys/mount.h>
+#if __linux__
+# include <mutex>
+# include <sys/resource.h>
+#endif
+
namespace nix {
+#if __linux__
+static AutoCloseFD fdSavedMountNamespace;
+static AutoCloseFD fdSavedRoot;
+#endif
+
+void saveMountNamespace()
+{
+#if __linux__
+ static std::once_flag done;
+ std::call_once(done, []() {
+ fdSavedMountNamespace = AutoCloseFD{open("/proc/self/ns/mnt", O_RDONLY)};
+ if (!fdSavedMountNamespace)
+ throw SysError("saving parent mount namespace");
+
+ fdSavedRoot = AutoCloseFD{open("/proc/self/root", O_RDONLY)};
+ });
+#endif
+}
+
+void restoreMountNamespace()
+{
+#if __linux__
+ try {
+ auto savedCwd = absPath(".");
+
+ if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1)
+ throw SysError("restoring parent mount namespace");
+
+ if (fdSavedRoot) {
+ if (fchdir(fdSavedRoot.get()))
+ throw SysError("chdir into saved root");
+ if (chroot("."))
+ throw SysError("chroot into saved root");
+ }
+
+ if (chdir(savedCwd.c_str()) == -1)
+ throw SysError("restoring cwd");
+ } catch (Error & e) {
+ debug(e.msg());
+ }
+#endif
+}
+
+void unshareFilesystem()
+{
+#ifdef __linux__
+ if (unshare(CLONE_FS) != 0 && errno != EPERM)
+ throw SysError("unsharing filesystem state in download thread");
+#endif
+}
+
+
+#if __linux__
+
static void diagnoseUserNamespaces()
{
if (!pathExists("/proc/self/ns/user")) {
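Review bot: The new Linux-only include block pulls in `<sys/resource.h>`, but nothing moved into this hunk uses it (the functions use open/O_RDONLY, setns/CLONE_NEWNS, unshare/CLONE_FS, fchdir, chroot, chdir and errno, which come from fcntl/sched/unistd/cerrno, not sys/resource.h), so it looks like a stray include that should be dropped: `#if __linux__` / `# include <mutex>` / `#endif`. Separately, because the previous hunk removed the file-wide `#if __linux__` guard, the `#include <sys/mount.h>` context line at the top of this hunk is now compiled on every platform; if that is intended, a short comment or moving it inside the new guard would make the portability decision explicit. The includes between old lines 5 and 7 are not visible, so whether the POSIX headers the moved functions need are already present cannot be confirmed from here; `diagnoseUserNamespaces` continues past the end of the hunk.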
@@ -95,6 +153,6 @@ bool mountAndPidNamespacesSupported()
return res;
}
-}
-
#endif
+
+}
diff --git a/src/libutil/namespaces.hh b/src/libutil/namespaces.hh
index 0b7eeb66c..3a920e665 100644
--- a/src/libutil/namespaces.hh
+++ b/src/libutil/namespaces.hh
@@ -3,6 +3,26 @@
namespace nix {
+/**
+ * Save the current mount namespace. Ignored if called more than
+ * once.
+ */
+void saveMountNamespace();
+
+/**
+ * Restore the mount namespace saved by saveMountNamespace(). Ignored
+ * if saveMountNamespace() was never called.
+ */
+void restoreMountNamespace();
+
+/**
+ * Cause this thread to not share any FS attributes with the main
+ * thread, because this causes setns() in restoreMountNamespace() to
+ * fail.
+ */
+void unshareFilesystem();
+
+
#if __linux__
bool userNamespacesSupported();
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index 8e813abc2..6d6e55ad1 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -88,56 +88,4 @@ void ignoreException(Verbosity lvl)
-#if __linux__
-static AutoCloseFD fdSavedMountNamespace;
-static AutoCloseFD fdSavedRoot;
-#endif
-
-void saveMountNamespace()
-{
-#if __linux__
- static std::once_flag done;
- std::call_once(done, []() {
- fdSavedMountNamespace = AutoCloseFD{open("/proc/self/ns/mnt", O_RDONLY)};
- if (!fdSavedMountNamespace)
- throw SysError("saving parent mount namespace");
-
- fdSavedRoot = AutoCloseFD{open("/proc/self/root", O_RDONLY)};
- });
-#endif
-}
-
-void restoreMountNamespace()
-{
-#if __linux__
- try {
- auto savedCwd = absPath(".");
-
- if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1)
- throw SysError("restoring parent mount namespace");
-
- if (fdSavedRoot) {
- if (fchdir(fdSavedRoot.get()))
- throw SysError("chdir into saved root");
- if (chroot("."))
- throw SysError("chroot into saved root");
- }
-
- if (chdir(savedCwd.c_str()) == -1)
- throw SysError("restoring cwd");
- } catch (Error & e) {
- debug(e.msg());
- }
-#endif
-}
-
-void unshareFilesystem()
-{
-#ifdef __linux__
- if (unshare(CLONE_FS) != 0 && errno != EPERM)
- throw SysError("unsharing filesystem state in download thread");
-#endif
-}
-
-
}
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index e408821b9..867f0a80d 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -40,26 +40,6 @@ extern const std::string nativeSystem;
/**
- * Save the current mount namespace. Ignored if called more than
- * once.
- */
-void saveMountNamespace();
-
-/**
- * Restore the mount namespace saved by saveMountNamespace(). Ignored
- * if saveMountNamespace() was never called.
- */
-void restoreMountNamespace();
-
-/**
- * Cause this thread to not share any FS attributes with the main
- * thread, because this causes setns() in restoreMountNamespace() to
- * fail.
- */
-void unshareFilesystem();
-
-
-/**
* Exception handling in destructors: print an error message, then
* ignore the exception.
*/
diff --git a/src/nix/main.cc b/src/nix/main.cc
index 0f98861d5..5d92cfd76 100644
--- a/src/nix/main.cc
+++ b/src/nix/main.cc
@@ -8,6 +8,7 @@
#include "eval-settings.hh"
#include "globals.hh"
#include "legacy.hh"
+#include "namespaces.hh"
#include "shared.hh"
#include "store-api.hh"
#include "filetransfer.hh"