wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-29 10:31:15 +02:00
Code Activity

Open slave pseudoterminal before CLONE_NEWUSER

Browse source 
Otherwise, when running as root and user namespaces are enabled,
opening the slave fails with EPERM.

Fixes "opening pseudoterminal slave: Permission denied" followed by a
hang (https://hydra.nixos.org/build/213104244), and "error: getting
sandbox mount namespace: No such file or directory" (#8072), which
happens when the child fails very quickly and consequently reading
/proc/<child>/ns fails.
This commit is contained in:
Eelco Dolstra 2023-03-20 17:04:57 +01:00
parent 83b977ff07
commit 16db8dc96f
3 changed files with 33 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/libutil/util.cc
View file

@ -1983,7 +1983,7 @@ void commonChildInit(int stderrFd)
throw SysError("creating a new session");
/* Dup the write side of the logger pipe into stderr. */
if (dup2(stderrFd, STDERR_FILENO) == -1)
if (stderrFd != -1 && dup2(stderrFd, STDERR_FILENO) == -1)
throw SysError("cannot pipe standard error into log file");
/* Dup stderr to stdout. */