Open slave pseudoterminal before CLONE_NEWUSER

Otherwise, when running as root and user namespaces are enabled, opening the slave fails with EPERM. Fixes "opening pseudoterminal slave: Permission denied" followed by a hang (https://hydra.nixos.org/build/213104244), and "error: getting sandbox mount namespace: No such file or directory" (#8072), which happens when the child fails very quickly and consequently reading /proc/<child>/ns fails.
author: Eelco Dolstra <edolstra@gmail.com> 2023-03-20 17:04:57 +0100
committer: Eelco Dolstra <edolstra@gmail.com> 2023-03-20 17:58:36 +0100
commit: 16db8dc96f64a0facbb620907e571f2dfc8e802e (patch)
tree: e8977ff3830df23f787b97bc57773bdba0c1a27f /src/libstore/build/local-derivation-goal.hh
parent: 83b977ff0790753941509e089f33f49240d616bd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/build/local-derivation-goal.hh b/src/libstore/build/local-derivation-goal.hh
index 4d2f1ac28..c9ecc8828 100644
--- a/src/libstore/build/local-derivation-goal.hh
+++ b/src/libstore/build/local-derivation-goal.hh
@@ -169,7 +169,7 @@ struct LocalDerivationGoal : public DerivationGoal
     int getChildStatus() override;
 
     /* Run the builder's process. */
-    void runChild(const std::string & slaveName);
+    void runChild();
 
     /* Check that the derivation outputs all exist and register them
        as valid. */
author	Eelco Dolstra <edolstra@gmail.com>	2023-03-20 17:04:57 +0100
committer	Eelco Dolstra <edolstra@gmail.com>	2023-03-20 17:58:36 +0100
commit	16db8dc96f64a0facbb620907e571f2dfc8e802e (patch)
tree	e8977ff3830df23f787b97bc57773bdba0c1a27f /src/libstore/build/local-derivation-goal.hh
parent	83b977ff0790753941509e089f33f49240d616bd (diff)