4 files changed, 28 insertions, 13 deletions

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index cec03fee4..7a78d5557 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2013,6 +2013,26 @@ void DerivationGoal::initChild()
                     throw SysError(format("unable to make filesystem `%1%' private") % fs);
             }
 
+            /* Set up a nearly empty /dev, unless the user asked to
+               bind-mount the host /dev. */
+            if (dirsInChroot.find("/dev") == dirsInChroot.end()) {
+                createDirs(chrootRootDir + "/dev/shm");
+                Strings ss;
+                ss.push_back("/dev/full");
+                ss.push_back("/dev/kvm");
+                ss.push_back("/dev/null");
+                ss.push_back("/dev/ptmx");
+                ss.push_back("/dev/random");
+                ss.push_back("/dev/tty");
+                ss.push_back("/dev/urandom");
+                ss.push_back("/dev/zero");
+                foreach (Strings::iterator, i, ss) dirsInChroot[*i] = *i;
+                createSymlink("/proc/self/fd", chrootRootDir + "/dev/fd");
+                createSymlink("/proc/self/fd/0", chrootRootDir + "/dev/stdin");
+                createSymlink("/proc/self/fd/1", chrootRootDir + "/dev/stdout");
+                createSymlink("/proc/self/fd/2", chrootRootDir + "/dev/stderr");
+            }
+
             /* Bind-mount all the directories from the "host"
                filesystem that we want in the chroot
                environment. */
@@ -2042,9 +2062,8 @@ void DerivationGoal::initChild()
 
             /* Mount a new tmpfs on /dev/shm to ensure that whatever
                the builder puts in /dev/shm is cleaned up automatically. */
-            if (pathExists("/dev/shm"))
-                if (mount("none", (chrootRootDir + "/dev/shm").c_str(), "tmpfs", 0, 0) == -1)
-                    throw SysError("mounting /dev/shm");
+            if (pathExists("/dev/shm") && mount("none", (chrootRootDir + "/dev/shm").c_str(), "tmpfs", 0, 0) == -1)
+                throw SysError("mounting /dev/shm");
 
             /* Do the chroot().  Below we do a chdir() to the
                temporary build directory to make sure the current
diff --git a/src/libstore/gc.cc b/src/libstore/gc.cc
index 79bd7d56b..e855e8685 100644
--- a/src/libstore/gc.cc
+++ b/src/libstore/gc.cc
@@ -53,7 +53,7 @@ int LocalStore::openGCLock(LockType lockType)
 }
 
 
-void createSymlink(const Path & link, const Path & target)
+static void makeSymlink(const Path & link, const Path & target)
 {
     /* Create directories up to `gcRoot'. */
     createDirs(dirOf(link));
@@ -61,9 +61,7 @@ void createSymlink(const Path & link, const Path & target)
     /* Create the new symlink. */
     Path tempLink = (format("%1%.tmp-%2%-%3%")
         % link % getpid() % rand()).str();
-    if (symlink(target.c_str(), tempLink.c_str()) == -1)
-        throw SysError(format("symlinking `%1%' to `%2%'")
-            % tempLink % target);
+    createSymlink(target, tempLink);
 
     /* Atomically replace the old one. */
     if (rename(tempLink.c_str(), link.c_str()) == -1)
@@ -83,7 +81,7 @@ void LocalStore::addIndirectRoot(const Path & path)
     string hash = printHash32(hashString(htSHA1, path));
     Path realRoot = canonPath((format("%1%/%2%/auto/%3%")
         % settings.nixStateDir % gcRootsDir % hash).str());
-    createSymlink(realRoot, path);
+    makeSymlink(realRoot, path);
 }
 
 
@@ -104,7 +102,7 @@ Path addPermRoot(StoreAPI & store, const Path & _storePath,
            point to the Nix store. */
         if (pathExists(gcRoot) && (!isLink(gcRoot) || !isInStore(readLink(gcRoot))))
             throw Error(format("cannot create symlink `%1%'; already exists") % gcRoot);
-        createSymlink(gcRoot, storePath);
+        makeSymlink(gcRoot, storePath);
         store.addIndirectRoot(gcRoot);
     }
 
@@ -119,7 +117,7 @@ Path addPermRoot(StoreAPI & store, const Path & _storePath,
                     % gcRoot % rootsDir);
         }
 
-        createSymlink(gcRoot, storePath);
+        makeSymlink(gcRoot, storePath);
     }
 
     /* Check that the root can be found by the garbage collector.
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index ccf8d4cc5..af2fdfd57 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -42,7 +42,6 @@ Settings::Settings()
     useSubstitutes = true;
     useChroot = false;
     useSshSubstituter = false;
-    dirsInChroot.insert("/dev");
     dirsInChroot.insert("/dev/pts");
     impersonateLinux26 = false;
     keepLog = true;
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index aca98412a..1293a6e8f 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -243,8 +243,7 @@ LocalStore::LocalStore(bool reserveSpace)
     Path gcRootsDir = settings.nixStateDir + "/gcroots";
     if (!pathExists(gcRootsDir)) {
         createDirs(gcRootsDir);
-        if (symlink(profilesDir.c_str(), (gcRootsDir + "/profiles").c_str()) == -1)
-            throw SysError(format("creating symlink to `%1%'") % profilesDir);
+        createSymlink(profilesDir, gcRootsDir + "/profiles");
     }
 
     checkStoreNotSymlink();