diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2018-11-13T15·15+0100 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2018-11-13T15·15+0100 |
| commit | a0ef21262f4d5652bfb65cfacaec01d89c475a93 (patch) | |
| tree | 6fd2c483dde9bb6f56ff989b6724d2a49679d74a /src/nix/edit.cc | |
| parent | 56f6e382be03b587c1f7260e16fce6622329d1a4 (diff) | |
Restore parent mount namespace before executing a child process
This ensures that they can't write to /nix/store. Fixes #2535.
Diffstat (limited to 'src/nix/edit.cc')
| -rw-r--r-- | src/nix/edit.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/nix/edit.cc b/src/nix/edit.cc index c9671f76d0fa..d8d5895bd867 100644 --- a/src/nix/edit.cc +++ b/src/nix/edit.cc @@ -3,6 +3,7 @@ #include "eval.hh" #include "attr-path.hh" #include "progress-bar.hh" +#include "affinity.hh" #include <unistd.h> @@ -72,6 +73,10 @@ struct CmdEdit : InstallableCommand stopProgressBar(); + restoreAffinity(); + restoreSignals(); + restoreMountNamespace(); + execvp(args.front().c_str(), stringsToCharPtrs(args).data()); throw SysError("cannot run editor '%s'", editor); |