libstore: add LocalDerivationGoal startChild hook

Add a platform-specific function for starting sandboxed child. Generally this just means startProcess, but on Linux we use flags for clone to start a new namespace Change-Id: I41c8aba62676a162388bbe5ab8a7518904c7b058
author: Artemis Tosini <lix@artem.ist> 2024-05-19 23:01:51 +0000
committer: Artemis Tosini <me@artem.ist> 2024-07-03 22:37:41 +0000
commit: e040b762a48f022b1ea4080020083f7367cf3ee5 (patch)
tree: 49eb474b89a65672d29978fc1b361871b26a3c40 /src/libstore/build/local-derivation-goal.hh
parent: af1dcc2d5e5f9f1bc01e12face96259cf4183629 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libstore/build/local-derivation-goal.hh b/src/libstore/build/local-derivation-goal.hh
index 857339b5d..727a7f406 100644
--- a/src/libstore/build/local-derivation-goal.hh
+++ b/src/libstore/build/local-derivation-goal.hh
@@ -334,6 +334,12 @@ protected:
     };
 
     /**
+     * Create a new process that runs `openSlave` and `runChild`
+     * On some platforms this process is created with sandboxing flags.
+     */
+    virtual Pid startChild(std::function<void()> openSlave);
+
+    /**
      * Execute the builder, replacing the current process.
      * Generally this means an `execve` call.
      */
author	Artemis Tosini <lix@artem.ist>	2024-05-19 23:01:51 +0000
committer	Artemis Tosini <me@artem.ist>	2024-07-03 22:37:41 +0000
commit	e040b762a48f022b1ea4080020083f7367cf3ee5 (patch)
tree	49eb474b89a65672d29978fc1b361871b26a3c40 /src/libstore/build/local-derivation-goal.hh
parent	af1dcc2d5e5f9f1bc01e12face96259cf4183629 (diff)