diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-06-02T14·51+0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-06-02T14·51+0200 |
commit | a24f2c9b8413ebc8b1776ab3f770c69e4a03007b (patch) | |
tree | 8cff7e5b4287e08ab5e93cf04063c06cdbfe3801 /src | |
parent | 6f2d51287c471238a2ff1a517c965560dfb2a149 (diff) |
nix run: Mount the Nix store in a private namespace
This is a convenience command to allow users who are not privileged to create /nix/store to use Nix with regular binary caches. For example, $ NIX_REMOTE="local?state=$HOME/nix/var&real=/$HOME/nix/store" nix run firefox bashInteractive will download Firefox and bash from cache.nixos.org, then start a shell in which $HOME/nix/store is mounted on /nix/store.
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/local-store.hh | 4 | ||||
-rw-r--r-- | src/nix/run.cc | 22 |
2 files changed, 25 insertions, 1 deletions
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index 3a2568ec9479..0c2766f667ec 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -73,6 +73,8 @@ private: Sync<State, std::recursive_mutex> _state; +public: + const Path realStoreDir; const Path dbDir; const Path linksDir; @@ -80,6 +82,8 @@ private: const Path schemaPath; const Path trashDir; +private: + bool requireSigs; PublicKeys publicKeys; diff --git a/src/nix/run.cc b/src/nix/run.cc index ba1efb63b472..ed1c2650cb3f 100644 --- a/src/nix/run.cc +++ b/src/nix/run.cc @@ -4,6 +4,11 @@ #include "shared.hh" #include "store-api.hh" #include "derivations.hh" +#include "local-store.hh" + +#if __linux__ +#include <sys/mount.h> +#endif using namespace nix; @@ -40,6 +45,20 @@ struct CmdRun : StoreCommand, MixInstallables store->buildPaths(pathsToBuild); + auto store2 = store.dynamic_pointer_cast<LocalStore>(); + + if (store2 && store->storeDir != store2->realStoreDir) { +#if __linux__ + if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1) + throw SysError("setting up a private mount namespace"); + + if (mount(store2->realStoreDir.c_str(), store->storeDir.c_str(), "", MS_BIND, 0) == -1) + throw SysError(format("mounting ‘%s’ on ‘%s’") % store2->realStoreDir % store->storeDir); +#else + throw Error(format("mounting the Nix store on ‘%s’ is not supported on this platform") % store->storeDir); +#endif + } + PathSet outPaths; for (auto & path : pathsToBuild) if (isDerivation(path)) { @@ -55,7 +74,8 @@ struct CmdRun : StoreCommand, MixInstallables unixPath.push_front(path + "/bin"); setenv("PATH", concatStringsSep(":", unixPath).c_str(), 1); - execlp("bash", "bash", nullptr); + if (execlp("bash", "bash", nullptr) == -1) + throw SysError("unable to exec ‘bash’"); } }; |