diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2019-08-27T18·58+0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2019-08-27T18·58+0200 |
commit | e5b397b2c7b0cf358a2cbfff34e0803b3290831e (patch) | |
tree | def8e0cff3e1b0d1cdaa08708768fb0b2974adec /src/nix/run.cc | |
parent | 73728874ab89d77bce3b103acb239d4d5eec14b1 (diff) | |
parent | 5c06a8d3283139140e765b5f10ad7102a6a3e964 (diff) |
Merge branch 'test-sandboxing' of https://github.com/matthewbauer/nix
Diffstat (limited to 'src/nix/run.cc')
-rw-r--r-- | src/nix/run.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/nix/run.cc b/src/nix/run.cc index 35b763345872..90b76d6663e9 100644 --- a/src/nix/run.cc +++ b/src/nix/run.cc @@ -199,7 +199,10 @@ void chrootHelper(int argc, char * * argv) uid_t gid = getgid(); if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1) - throw SysError("setting up a private mount namespace"); + /* Try with just CLONE_NEWNS in case user namespaces are + specifically disabled. */ + if (unshare(CLONE_NEWNS) == -1) + throw SysError("setting up a private mount namespace"); /* Bind-mount realStoreDir on /nix/store. If the latter mount point doesn't already exists, we have to create a chroot |