diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2017-01-09 16:46:59 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-09 16:46:59 +0100 |
commit | 7adb986e354a36b6d8953213754b0d032e371308 (patch) | |
tree | c6f718d92f590caa336e55a24c1098947decfc9c /src/libstore/build.cc | |
parent | f61337fdb36fa7107b015d57eff399553e69e9a3 (diff) | |
parent | 855abd85d8ec27411aa4ad3be2b7f90d17b5693d (diff) |
Merge pull request #1139 from Mic92/master
Simplify remouting with MS_PRIVATE in sandbox build
Diffstat (limited to 'src/libstore/build.cc')
-rw-r--r-- | src/libstore/build.cc | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index c46b7cd64..ca56d3ad9 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -2295,12 +2295,8 @@ void DerivationGoal::runChild() outside of the namespace. Making a subtree private is local to the namespace, though, so setting MS_PRIVATE does not affect the outside world. */ - Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n"); - for (auto & i : mounts) { - vector<string> fields = tokenizeString<vector<string> >(i, " "); - string fs = decodeOctalEscaped(fields.at(4)); - if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1) - throw SysError(format("unable to make filesystem ‘%1%’ private") % fs); + if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) { + throw SysError("unable to make ‘/’ private mount"); } /* Bind-mount chroot directory to itself, to treat it as a |