diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2008-10-29T15·34+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2008-10-29T15·34+0000 |
commit | 709b55ee0281bc2d587dff6f60ec189b010800f6 (patch) | |
tree | 18285f86f7247c8ee638598daad8e5b5b2387f26 | |
parent | c98ea254dcb6384b686a88657fd800ad7655e4a5 (diff) |
* Put the chroots under /nix/var/nix/chroots to reduce the risk of
disasters involving `rm -rf' on bind mounts. Will try the definitive fix (per-process mounts, apparently possible via the CLONE_NEWNS flag in clone()) some other time.
-rw-r--r-- | src/libmain/shared.cc | 1 | ||||
-rw-r--r-- | src/libstore/build.cc | 17 | ||||
-rw-r--r-- | src/libstore/globals.cc | 1 | ||||
-rw-r--r-- | src/libstore/globals.hh | 6 |
4 files changed, 15 insertions, 10 deletions
diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index fd16dece7d44..4725d1ed1047 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -138,6 +138,7 @@ static void initAndRun(int argc, char * * argv) nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR)); nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR)); nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR)); + nixChrootsDir = canonPath(getEnv("NIX_CHROOTS_DIR", nixStateDir + "/chroots")); string subs = getEnv("NIX_SUBSTITUTERS", "default"); if (subs == "default") { diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 2a8ddd491486..586e44922197 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1710,16 +1710,13 @@ void DerivationGoal::startBuilder() /* Create a temporary directory in which we set up the chroot environment using bind-mounts. - !!! Big danger here: since we're doing this in /tmp, there - is a risk that the admin does something like "rm -rf - /tmp/chroot-nix-*" to clean up aborted builds, and if some - of the bind-mounts are still active, then "rm -rf" will - happily recurse into those mount points (thereby deleting, - say, /nix/store). Ideally, chrootRootDir should be created in - some special location (maybe in /nix/var/nix) where Nix - takes care of unmounting / deleting old chroots - automatically. */ - chrootRootDir = createTempDir("", "chroot-nix"); + !!! Bind mounts are potentially dangerous: if the user + cleans up his system by doing "rm -rf + /nix/var/nix/chroots/*", this will recurse into /nix/store + via the bind mounts (and potentially other parts of the + filesystem, depending on the setting of the + `build-chroot-dirs' option). */ + chrootRootDir = createTempDir(nixChrootsDir, "chroot-nix"); /* Clean up the chroot directory automatically, but don't recurse; that would be very very bad if the unmount of a diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index eaea4b707eea..7228fc19364d 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -16,6 +16,7 @@ string nixDBPath = "/UNINIT"; string nixConfDir = "/UNINIT"; string nixLibexecDir = "/UNINIT"; string nixBinDir = "/UNINIT"; +string nixChrootsDir = "/UNINIT"; bool keepFailed = false; bool keepGoing = false; diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index f650cd1b79b5..a97aa6d8b5ec 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -35,6 +35,12 @@ extern string nixLibexecDir; /* nixBinDir is the directory where the main programs are stored. */ extern string nixBinDir; +/* nixChrootsDir is the directory where we create chroot environments + (when chroot builds are enabled). We don't put these under /tmp to + prevent "rm -rf /tmp" from recursing into /nix/store via the bind + mounts in the chroots. */ +extern string nixChrootsDir; + /* Misc. global flags. */ |