Restore parent mount namespace before executing a child process

This ensures that they can't write to /nix/store. Fixes #2535.
author: Eelco Dolstra <edolstra@gmail.com> 2018-11-13 16:15:30 +0100
committer: Eelco Dolstra <edolstra@gmail.com> 2018-11-13 16:15:30 +0100
commit: a0ef21262f4d5652bfb65cfacaec01d89c475a93 (patch)
tree: 6fd2c483dde9bb6f56ff989b6724d2a49679d74a /src/libutil/util.hh
parent: 56f6e382be03b587c1f7260e16fce6622329d1a4 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index bda87bee4..2689cbd8b 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -514,4 +514,13 @@ typedef std::function<bool(const Path & path)> PathFilter;
 extern PathFilter defaultPathFilter;
 
 
+/* Save the current mount namespace. Ignored if called more than
+   once. */
+void saveMountNamespace();
+
+/* Restore the mount namespace saved by saveMountNamespace(). Ignored
+   if saveMountNamespace() was never called. */
+void restoreMountNamespace();
+
+
 }
author	Eelco Dolstra <edolstra@gmail.com>	2018-11-13 16:15:30 +0100
committer	Eelco Dolstra <edolstra@gmail.com>	2018-11-13 16:15:30 +0100
commit	a0ef21262f4d5652bfb65cfacaec01d89c475a93 (patch)
tree	6fd2c483dde9bb6f56ff989b6724d2a49679d74a /src/libutil/util.hh
parent	56f6e382be03b587c1f7260e16fce6622329d1a4 (diff)