diff options
author | Shea Levy <shea@shealevy.com> | 2013-03-08T03·53-0500 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-03-25T18·00+0100 |
commit | cc63db1dd5c37aead3e3d2e20e2d2f548cc24830 (patch) | |
tree | 6f4d75a127dc69806b3c35fc086aafc74ee2bd6c /src/libstore/build.cc | |
parent | 2c9cf5074642459b37f19a2d4c6bc0233248d3a4 (diff) |
makeStoreWritable: Ask forgiveness, not permission
It is surprisingly impossible to check if a mountpoint is a bind mount on Linux, and in my previous commit I forgot to check if /nix/store was even a mountpoint at all. statvfs.f_flag is not populated with MS_BIND (and even if it were, my check was wrong in the previous commit). Luckily, the semantics of mount with MS_REMOUNT | MS_BIND make both checks unnecessary: if /nix/store is not a mountpoint, then mount will fail with EINVAL, and if /nix/store is not a bind-mount, then it will not be made writable. Thus, if /nix/store is not a mountpoint, we fail immediately (since we don't know how to make it writable), and if /nix/store IS a mountpoint but not a bind-mount, we fail at first write (see below for why we can't check and fail immediately). Note that, due to what is IMO buggy behavior in Linux, calling mount with MS_REMOUNT | MS_BIND on a non-bind readonly mount makes the mountpoint appear writable in two places: In the sixth (but not the 10th!) column of mountinfo, and in the f_flags member of struct statfs. All other syscalls behave as if the mount point were still readonly (at least for Linux 3.9-rc1, but I don't think this has changed recently or is expected to soon). My preferred semantics would be for MS_REMOUNT | MS_BIND to fail on a non-bind mount, as it doesn't make sense to remount a non bind-mount as a bind mount.
Diffstat (limited to 'src/libstore/build.cc')
0 files changed, 0 insertions, 0 deletions