From bd770907034609dcdb927c3a75b6a98eff4f23e7 Mon Sep 17 00:00:00 2001 From: Kane York Date: Thu, 23 Jul 2020 19:10:51 -0700 Subject: fix(3p/nix): do not call vfork The use of vfork() in Nix is entirely illegal. Quote: If the process created by vfork() returns from the function in which vfork() was called, or calls any other function before successfully calling _exit() or one of the exec*() family of functions, the behavior is undefined. -- Linux man-pages, release 5.05 Add a TODO to use the higher-performance variants of clone() on Linux when it is available. Change-Id: I42370e1568ad6e2d00d70d0b66c8aded8f1288bb Reviewed-on: https://cl.tvl.fyi/c/depot/+/1418 Tested-by: BuildkiteCI Reviewed-by: tazjin Reviewed-by: Alyssa Ross --- third_party/nix/src/libstore/build.cc | 3 --- 1 file changed, 3 deletions(-) (limited to 'third_party/nix/src/libstore/build.cc') diff --git a/third_party/nix/src/libstore/build.cc b/third_party/nix/src/libstore/build.cc index da35388d855a..74db67e862a7 100644 --- a/third_party/nix/src/libstore/build.cc +++ b/third_party/nix/src/libstore/build.cc @@ -2342,8 +2342,6 @@ void DerivationGoal::startBuilder() { userNamespaceSync.create(); - options.allowVfork = false; - Pid helper = startProcess( [&]() { /* Drop additional groups here because we can't do it @@ -2443,7 +2441,6 @@ void DerivationGoal::startBuilder() { #endif { fallback: - options.allowVfork = !buildUser && !drv->isBuiltin(); pid = startProcess([&]() { runChild(); }, options); } -- cgit 1.4.1