From 709b55ee0281bc2d587dff6f60ec189b010800f6 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 29 Oct 2008 15:34:48 +0000
Subject: * Put the chroots under /nix/var/nix/chroots to reduce the risk of disasters involving `rm -rf' on bind mounts. Will try the definitive fix (per-process mounts, apparently possible via the CLONE_NEWNS flag in clone()) some other time.
---
 src/libstore/build.cc | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-) (limited to 'src/libstore/build.cc')
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 2a8ddd491486..586e44922197 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1710,16 +1710,13 @@ void DerivationGoal::startBuilder()
 /* Create a temporary directory in which we set up the chroot environment using bind-mounts.
- !!! Big danger here: since we're doing this in /tmp, there
- is a risk that the admin does something like "rm -rf
- /tmp/chroot-nix-*" to clean up aborted builds, and if some
- of the bind-mounts are still active, then "rm -rf" will
- happily recurse into those mount points (thereby deleting,
- say, /nix/store). Ideally, chrootRootDir should be created in
- some special location (maybe in /nix/var/nix) where Nix
- takes care of unmounting / deleting old chroots
- automatically. */
- chrootRootDir = createTempDir("", "chroot-nix");
+ !!! Bind mounts are potentially dangerous: if the user
+ cleans up his system by doing "rm -rf
+ /nix/var/nix/chroots/*", this will recurse into /nix/store
+ via the bind mounts (and potentially other parts of the
+ filesystem, depending on the setting of the
+ `build-chroot-dirs' option). */
+ chrootRootDir = createTempDir(nixChrootsDir, "chroot-nix");
 /* Clean up the chroot directory automatically, but don't recurse; that would be very very bad if the unmount of a
-- cgit 1.4.1
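Review bot: The rewritten comment above `createTempDir(nixChrootsDir, "chroot-nix")` still describes a recursive delete reaching /nix/store through live bind mounts, but it drops the old comment's record of the intended mitigation, so nothing in the code says the problem is only reduced. I would keep that pointer next to the warning, for example `/* TODO: set up the bind mounts in a private mount namespace (CLONE_NEWNS) so they are not visible outside the build. */`, which is the fix the commit message defers. The comment could also state that a stale chroot must be checked for active mounts and unmounted before it is deleted. The hunk does not show where `nixChrootsDir` is created, so it is worth confirming that the directory exists before this call and is writable only by the account that runs builds, since it now replaces /tmp as the parent. `startBuilder()` begins and ends outside the hunk.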