From d5fdfdc59294bbbf9c27479fb2ca3ecee71dc659 Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Wed, 22 May 2024 16:04:14 -0400
Subject: [PATCH 1/2] `unshareFilesystem`: Do not assume caller
---
 src/libstore/filetransfer.cc | 7 ++++++-
 src/libutil/linux/namespaces.cc | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
index 219b60c44..e28dd43ec 100644
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@@ -580,7 +580,12 @@ struct curlFileTransfer : public FileTransfer
 #endif
 #if __linux__
- unshareFilesystem();
+ try {
+ unshareFilesystem();
+ } catch (nix::Error & e) {
+ e.addTrace({}, "in download thread");
+ throw;
+ }
 #endif
 std::map> items;
diff --git a/src/libutil/linux/namespaces.cc b/src/libutil/linux/namespaces.cc
index f8289ef39..cb7a0d6e7 100644
--- a/src/libutil/linux/namespaces.cc
+++ b/src/libutil/linux/namespaces.cc
@@ -140,7 +140,7 @@ void restoreMountNamespace()
 void unshareFilesystem()
 {
 if (unshare(CLONE_FS) != 0 && errno != EPERM)
- throw SysError("unsharing filesystem state in download thread");
+ throw SysError("unsharing filesystem state");
 }
 }
From dc7615dbbb38bd949e3aa2198ca7e3a12c09db8f Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Wed, 22 May 2024 16:04:40 -0400
Subject: [PATCH 2/2] `tryUnshareFilesystem`: Ignore `ENOSYS` too
Fixes #10747
---
 src/libstore/filetransfer.cc | 2 +-
 src/libutil/linux/namespaces.cc | 4 ++--
 src/libutil/linux/namespaces.hh | 6 ++++--
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
index e28dd43ec..a54ebdcf3 100644
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@@ -581,7 +581,7 @@ struct curlFileTransfer : public FileTransfer
 #if __linux__
 try {
- unshareFilesystem();
+ tryUnshareFilesystem();
 } catch (nix::Error & e) {
 e.addTrace({}, "in download thread");
 throw;
diff --git a/src/libutil/linux/namespaces.cc b/src/libutil/linux/namespaces.cc
index cb7a0d6e7..d4766cbba 100644
--- a/src/libutil/linux/namespaces.cc
+++ b/src/libutil/linux/namespaces.cc
@@ -137,9 +137,9 @@ void restoreMountNamespace()
 }
 }
-void unshareFilesystem()
+void tryUnshareFilesystem()
 {
- if (unshare(CLONE_FS) != 0 && errno != EPERM)
+ if (unshare(CLONE_FS) != 0 && errno != EPERM && errno != ENOSYS)
 throw SysError("unsharing filesystem state");
 }
diff --git a/src/libutil/linux/namespaces.hh b/src/libutil/linux/namespaces.hh
index ef3c9123f..208920b80 100644
--- a/src/libutil/linux/namespaces.hh
+++ b/src/libutil/linux/namespaces.hh
@@ -20,11 +20,13 @@ void saveMountNamespace();
 void restoreMountNamespace();
 /**
- * Cause this thread to not share any FS attributes with the main
+ * Cause this thread to try to not share any FS attributes with the main
 * thread, because this causes setns() in restoreMountNamespace() to
 * fail.
+ *
+ * This is best effort -- EPERM and ENOSYS failures are just ignored.
 */
-void unshareFilesystem();
+void tryUnshareFilesystem();
 bool userNamespacesSupported();
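Review bot: In `tryUnshareFilesystem()` (src/libutil/linux/namespaces.cc) the ignored `EPERM`/`ENOSYS` branch returns without leaving any trace, so a run where `unshare(CLONE_FS)` was skipped cannot be told apart from one where it took effect. The header comment ties the sharing to `setns()` failing in `restoreMountNamespace()`, so a later failure there would be hard to trace back to this point. `ENOSYS` in particular presumably comes from a syscall filter or an emulation layer rather than from the kernel lacking the call, which is worth seeing at a verbose log level. I would split the condition so the ignored branch can log, e.g. `debug("unshare(CLONE_FS) failed (errno %d); thread keeps sharing FS attributes", errno);`, assuming the project's `debug` helper is reachable from this file.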
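Review bot: The reworded comment above `tryUnshareFilesystem()` in src/libutil/linux/namespaces.hh is still ambiguous at "because this causes setns() ... to fail", since "this" has to mean the sharing and not the call being documented. It names the two ignored errors but does not say that any other `errno` raises `SysError`, as the implementation in namespaces.cc does, nor that after an ignored failure the thread still shares its FS attributes. Suggested lines: `* Sharing FS attributes with the main thread makes setns() in restoreMountNamespace() fail.` and `* @throws SysError for any errno other than EPERM or ENOSYS; on those two the thread stays shared.`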