Merge branch 'test-sandboxing' of https://github.com/matthewbauer/nix

2025-11-22 02:09:36 +01:00 · 2019-08-27 20:58:47 +02:00 · 2019-08-27 20:58:47 +02:00 · e5b397b2c7
commit e5b397b2c7
parent 73728874ab 5c06a8d328
3 changed files with 31 additions and 4 deletions
--- a/src/nix/run.cc
+++ b/src/nix/run.cc
@ -199,7 +199,10 @@ void chrootHelper(int argc, char * * argv)
    uid_t gid = getgid();

    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1)
-        throw SysError("setting up a private mount namespace");
+        /* Try with just CLONE_NEWNS in case user namespaces are
+           specifically disabled. */
+        if (unshare(CLONE_NEWNS) == -1)
+            throw SysError("setting up a private mount namespace");

    /* Bind-mount realStoreDir on /nix/store. If the latter mount
       point doesn't already exists, we have to create a chroot