about summary refs log tree commit diff
path: root/src/nix/run.cc
blob: f3333b7778059de5040641cc5a23e74fbb5587f1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#include "command.hh"
#include "common-args.hh"
#include "installables.hh"
#include "shared.hh"
#include "store-api.hh"
#include "derivations.hh"
#include "local-store.hh"
#include "finally.hh"

#if __linux__
#include <sys/mount.h>
#endif

using namespace nix;

struct CmdRun : MixInstallables
{
    CmdRun()
    {
    }

    std::string name() override
    {
        return "run";
    }

    std::string description() override
    {
        return "run a shell in which the specified packages are available";
    }

    void run(ref<Store> store) override
    {
        auto paths = buildInstallables(store, false);

        auto store2 = store.dynamic_pointer_cast<LocalStore>();

        if (store2 && store->storeDir != store2->realStoreDir) {
#if __linux__
            uid_t uid = getuid();
            uid_t gid = getgid();

            if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1)
                throw SysError("setting up a private mount namespace");

            /* Bind-mount realStoreDir on /nix/store. If the latter
               mount point doesn't already exists, we have to create a
               chroot environment containing the mount point and bind
               mounts for the children of /. Would be nice if we could
               use overlayfs here, but that doesn't work in a user
               namespace yet (Ubuntu has a patch for this:
               https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1478578). */
            if (!pathExists(store->storeDir)) {
                // FIXME: Use overlayfs?

                Path tmpDir = createTempDir();

                createDirs(tmpDir + store->storeDir);

                if (mount(store2->realStoreDir.c_str(), (tmpDir + store->storeDir).c_str(), "", MS_BIND, 0) == -1)
                    throw SysError(format("mounting ‘%s’ on ‘%s’") % store2->realStoreDir % store->storeDir);

                for (auto entry : readDirectory("/")) {
                    Path dst = tmpDir + "/" + entry.name;
                    if (pathExists(dst)) continue;
                    if (mkdir(dst.c_str(), 0700) == -1)
                        throw SysError(format("creating directory ‘%s’") % dst);
                    if (mount(("/" + entry.name).c_str(), dst.c_str(), "", MS_BIND | MS_REC, 0) == -1)
                        throw SysError(format("mounting ‘%s’ on ‘%s’") %  ("/" + entry.name) % dst);
                }

                char * cwd = getcwd(0, 0);
                if (!cwd) throw SysError("getting current directory");
                Finally freeCwd([&]() { free(cwd); });

                if (chroot(tmpDir.c_str()) == -1)
                    throw SysError(format("chrooting into ‘%s’") % tmpDir);

                if (chdir(cwd) == -1)
                    throw SysError(format("chdir to ‘%s’ in chroot") % cwd);
            } else
                if (mount(store2->realStoreDir.c_str(), store->storeDir.c_str(), "", MS_BIND, 0) == -1)
                    throw SysError(format("mounting ‘%s’ on ‘%s’") % store2->realStoreDir % store->storeDir);

            writeFile("/proc/self/setgroups", "deny");
            writeFile("/proc/self/uid_map", (format("%d %d %d") % uid % uid % 1).str());
            writeFile("/proc/self/gid_map", (format("%d %d %d") % gid % gid % 1).str());
#else
            throw Error(format("mounting the Nix store on ‘%s’ is not supported on this platform") % store->storeDir);
#endif
        }

        PathSet outPaths;
        for (auto & path : paths)
            if (isDerivation(path)) {
                Derivation drv = store->derivationFromPath(path);
                for (auto & output : drv.outputs)
                    outPaths.insert(output.second.path);
            } else
                outPaths.insert(path);

        auto unixPath = tokenizeString<Strings>(getEnv("PATH"), ":");
        for (auto & path : outPaths)
            if (pathExists(path + "/bin"))
                unixPath.push_front(path + "/bin");
        setenv("PATH", concatStringsSep(":", unixPath).c_str(), 1);

        if (execlp("bash", "bash", nullptr) == -1)
            throw SysError("unable to exec ‘bash’");
    }
};

static RegisterCommand r1(make_ref<CmdRun>());