diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2021-11-09 12:33:25 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-09 12:33:25 +0100 |
| commit | 884ef336c4bf838d853056d8abb926a71786afa6 (patch) | |
| tree | 8b40463adba894bf936cb23db27a50b32dcb9551 | |
| parent | 25d2316e8f53273191ac28ae554e3bef2c483598 (diff) | |
| parent | ff2af4d64ee9789c3c50f7e49897e8fa9fda6e16 (diff) | |
Merge pull request #5519 from edolstra/move-unshare
Unshare mount namespace in main()
| -rw-r--r-- | src/libmain/progress-bar.cc | 16 | ||||
| -rw-r--r-- | src/libstore/local-store.cc | 4 | ||||
| -rw-r--r-- | src/nix/main.cc | 8 |
3 files changed, 17 insertions, 11 deletions
diff --git a/src/libmain/progress-bar.cc b/src/libmain/progress-bar.cc index b2a6e2a82..63955eed1 100644 --- a/src/libmain/progress-bar.cc +++ b/src/libmain/progress-bar.cc @@ -103,17 +103,19 @@ public: ~ProgressBar() { stop(); - updateThread.join(); } void stop() override { - auto state(state_.lock()); - if (!state->active) return; - state->active = false; - writeToStderr("\r\e[K"); - updateCV.notify_one(); - quitCV.notify_one(); + { + auto state(state_.lock()); + if (!state->active) return; + state->active = false; + writeToStderr("\r\e[K"); + updateCV.notify_one(); + quitCV.notify_one(); + } + updateThread.join(); } bool isVerbose() override { diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index 1cef50a40..eb3457339 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -504,10 +504,6 @@ void LocalStore::makeStoreWritable() throw SysError("getting info about the Nix store mount point"); if (stat.f_flag & ST_RDONLY) { - saveMountNamespace(); - if (unshare(CLONE_NEWNS) == -1) - throw SysError("setting up a private mount namespace"); - if (mount(0, realStoreDir.get().c_str(), "none", MS_REMOUNT | MS_BIND, 0) == -1) throw SysError("remounting %1% writable", realStoreDir); } diff --git a/src/nix/main.cc b/src/nix/main.cc index 1e033f4f2..01889a71f 100644 --- a/src/nix/main.cc +++ b/src/nix/main.cc @@ -255,6 +255,14 @@ void mainWrapped(int argc, char * * argv) initNix(); initGC(); + #if __linux__ + if (getuid() == 0) { + saveMountNamespace(); + if (unshare(CLONE_NEWNS) == -1) + throw SysError("setting up a private mount namespace"); + } + #endif + programPath = argv[0]; auto programName = std::string(baseNameOf(programPath)); |