authorEelco Dolstra <edolstra@gmail.com>2019-08-27T18·58+0200
committerEelco Dolstra <edolstra@gmail.com>2019-08-27T18·58+0200
commite5b397b2c7b0cf358a2cbfff34e0803b3290831e (patch)
treedef8e0cff3e1b0d1cdaa08708768fb0b2974adec /src/nix/run.cc
parent73728874ab89d77bce3b103acb239d4d5eec14b1 (diff)
parent5c06a8d3283139140e765b5f10ad7102a6a3e964 (diff)
Merge branch 'test-sandboxing' of https://github.com/matthewbauer/nix
Diffstat (limited to 'src/nix/run.cc')
-rw-r--r--src/nix/run.cc5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/nix/run.cc b/src/nix/run.cc
index 35b763345872..90b76d6663e9 100644
--- a/src/nix/run.cc
+++ b/src/nix/run.cc
@@ -199,7 +199,10 @@ void chrootHelper(int argc, char * * argv)
     uid_t gid = getgid();
 
     if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1)
-        throw SysError("setting up a private mount namespace");
+        /* Try with just CLONE_NEWNS in case user namespaces are
+           specifically disabled. */
+        if (unshare(CLONE_NEWNS) == -1)
+            throw SysError("setting up a private mount namespace");
 
     /* Bind-mount realStoreDir on /nix/store. If the latter mount
        point doesn't already exists, we have to create a chroot
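Review bot: The fallback `unshare(CLONE_NEWNS)` yields a mount namespace that is still owned by the initial user namespace, so, unlike the `CLONE_NEWUSER` path, shared mounts are not downgraded to slave and the bind mount of realStoreDir described just below may propagate back to the host. Unless the rest of chrootHelper (outside this hunk) already does so, the fallback branch should make the tree private first, e.g. `if (mount(0, "/", 0, MS_PRIVATE | MS_REC, 0) == -1) throw SysError("making '/' private");`. This path also only succeeds with CAP_SYS_ADMIN, so the helper then runs its mounts with real privileges; any uid/gid mapping done later with the `uid`/`gid` captured above presumably applies only when a user namespace was created and should be skipped here. The nested `if` would also read more safely with braces and a flag recording which mode was taken, since the error message now reports only the second failure's errno.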