Unshare mount namespace in main()

Doing it as a side-effect of calling LocalStore::makeStoreWritable() is very ugly. Also, make sure that stopping the progress bar joins the update thread, otherwise that thread should be unshared as well.
author: Eelco Dolstra <edolstra@gmail.com> 2021-11-08 22:00:45 +0100
committer: Eelco Dolstra <edolstra@gmail.com> 2021-11-08 22:00:45 +0100
commit: ff2af4d64ee9789c3c50f7e49897e8fa9fda6e16 (patch)
tree: aab58f6e2f78f4afe78cb52e602bf8c0eeec9e7d /src/nix/main.cc
parent: 7a71621b7c43d7d2f264cc495fb7ceb66455fd3c (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/nix/main.cc b/src/nix/main.cc
index 1e033f4f2..01889a71f 100644
--- a/src/nix/main.cc
+++ b/src/nix/main.cc
@@ -255,6 +255,14 @@ void mainWrapped(int argc, char * * argv)
     initNix();
     initGC();
 
+    #if __linux__
+    if (getuid() == 0) {
+        saveMountNamespace();
+        if (unshare(CLONE_NEWNS) == -1)
+            throw SysError("setting up a private mount namespace");
+    }
+    #endif
+
     programPath = argv[0];
     auto programName = std::string(baseNameOf(programPath));
author	Eelco Dolstra <edolstra@gmail.com>	2021-11-08 22:00:45 +0100
committer	Eelco Dolstra <edolstra@gmail.com>	2021-11-08 22:00:45 +0100
commit	ff2af4d64ee9789c3c50f7e49897e8fa9fda6e16 (patch)
tree	aab58f6e2f78f4afe78cb52e602bf8c0eeec9e7d /src/nix/main.cc
parent	7a71621b7c43d7d2f264cc495fb7ceb66455fd3c (diff)