diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2021-11-16 14:23:05 +0100 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2021-11-16 14:48:44 +0100 |
| commit | 8c93a481af2ce8fbcdb9e2bbcc9559d52703112f (patch) | |
| tree | 1ac6f16a86550d4e6e4dec3635608ff574033203 /src/libutil | |
| parent | 51ffc19f02e78d7bea31c2916bc18798183f9ca1 (diff) | |
Ignore errors unsharing/restoring the mount namespace
This prevents Nix from barfing when run in a container where it
doesn't have the appropriate privileges.
Diffstat (limited to 'src/libutil')
| -rw-r--r-- | src/libutil/util.cc | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/libutil/util.cc b/src/libutil/util.cc index a6552ebca..8ae3445c6 100644 --- a/src/libutil/util.cc +++ b/src/libutil/util.cc @@ -1631,6 +1631,7 @@ void setStackSize(size_t stackSize) } #endif } + static AutoCloseFD fdSavedMountNamespace; void saveMountNamespace() @@ -1638,9 +1639,10 @@ void saveMountNamespace() #if __linux__ static std::once_flag done; std::call_once(done, []() { - fdSavedMountNamespace = open("/proc/self/ns/mnt", O_RDONLY); - if (!fdSavedMountNamespace) + AutoCloseFD fd = open("/proc/self/ns/mnt", O_RDONLY); + if (!fd) throw SysError("saving parent mount namespace"); + fdSavedMountNamespace = std::move(fd); }); #endif } @@ -1648,8 +1650,12 @@ void saveMountNamespace() void restoreMountNamespace() { #if __linux__ - if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1) - throw SysError("restoring parent mount namespace"); + try { + if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1) + throw SysError("restoring parent mount namespace"); + } catch (Error & e) { + debug(e.msg()); + } #endif } |