Fix using sandbox without user namespaces

author: Sebastian Ullrich <sebasti@nullri.ch> 2022-02-12 16:28:36 +0100
committer: Sebastian Ullrich <sebasti@nullri.ch> 2022-02-12 16:28:36 +0100
commit: c437e1326d900e2563c5859489f3be2cb557a3d3 (patch)
tree: 5b30c3bca8770012c6b7f072eb561e3638c0c0cf /src/libstore
parent: 4d67ecbbb2a00b22b1b23073f5853bcb5b100b75 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index 0d0afea2d..b76ad702b 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -912,9 +912,12 @@ void LocalDerivationGoal::startBuilder()
         sandboxMountNamespace = open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY);
         if (sandboxMountNamespace.get() == -1)
             throw SysError("getting sandbox mount namespace");
-        sandboxUserNamespace = open(fmt("/proc/%d/ns/user", (pid_t) pid).c_str(), O_RDONLY);
-        if (sandboxUserNamespace.get() == -1)
-            throw SysError("getting sandbox user namespace");
+
+        if (usingUserNamespace) {
+            sandboxUserNamespace = open(fmt("/proc/%d/ns/user", (pid_t) pid).c_str(), O_RDONLY);
+            if (sandboxUserNamespace.get() == -1)
+                throw SysError("getting sandbox user namespace");
+        }
 
         /* Signal the builder that we've updated its user namespace. */
         writeFull(userNamespaceSync.writeSide.get(), "1");
author	Sebastian Ullrich <sebasti@nullri.ch>	2022-02-12 16:28:36 +0100
committer	Sebastian Ullrich <sebasti@nullri.ch>	2022-02-12 16:28:36 +0100
commit	c437e1326d900e2563c5859489f3be2cb557a3d3 (patch)
tree	5b30c3bca8770012c6b7f072eb561e3638c0c0cf /src/libstore
parent	4d67ecbbb2a00b22b1b23073f5853bcb5b100b75 (diff)