Split up util.{hh,cc}

All OS and IO operations should be moved out, leaving only some misc portable pure functions. This is useful to avoid copious CPP when doing things like Windows and Emscripten ports. Newly exposed functions to break cycles: - `restoreSignals` - `updateWindowSize`
2025-07-06 21:41:48 +02:00 · 2023-10-25 00:43:36 -04:00 · 2023-10-25 00:43:36 -04:00 · ac89bb064a
commit ac89bb064a
parent 2678b51b31
138 changed files with 3028 additions and 2654 deletions
--- a/src/libutil/namespaces.cc
+++ b/src/libutil/namespaces.cc
@ -1,13 +1,22 @@
-#if __linux__
-
-#include "namespaces.hh"
+#include "current-process.hh"
 #include "util.hh"
 #include "finally.hh"
+#include "file-system.hh"
+#include "processes.hh"
+#include "signals.hh"
+
+#if __linux__
+# include <mutex>
+# include <sys/resource.h>
+# include "cgroup.hh"
+#endif

 #include <sys/mount.h>

 namespace nix {

+#if __linux__
+
 bool userNamespacesSupported()
 {
    static auto res = [&]() -> bool
@ -92,6 +101,60 @@ bool mountAndPidNamespacesSupported()
    return res;
 }

+#endif
+
+
+//////////////////////////////////////////////////////////////////////
+
+#if __linux__
+static AutoCloseFD fdSavedMountNamespace;
+static AutoCloseFD fdSavedRoot;
+#endif
+
+void saveMountNamespace()
+{
+#if __linux__
+    static std::once_flag done;
+    std::call_once(done, []() {
+        fdSavedMountNamespace = open("/proc/self/ns/mnt", O_RDONLY);
+        if (!fdSavedMountNamespace)
+            throw SysError("saving parent mount namespace");
+
+        fdSavedRoot = open("/proc/self/root", O_RDONLY);
+    });
+#endif
 }

+void restoreMountNamespace()
+{
+#if __linux__
+    try {
+        auto savedCwd = absPath(".");
+
+        if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1)
+            throw SysError("restoring parent mount namespace");
+
+        if (fdSavedRoot) {
+            if (fchdir(fdSavedRoot.get()))
+                throw SysError("chdir into saved root");
+            if (chroot("."))
+                throw SysError("chroot into saved root");
+        }
+
+        if (chdir(savedCwd.c_str()) == -1)
+            throw SysError("restoring cwd");
+    } catch (Error & e) {
+        debug(e.msg());
+    }
 #endif
+}
+
+void unshareFilesystem()
+{
+#ifdef __linux__
+    if (unshare(CLONE_FS) != 0 && errno != EPERM)
+        throw SysError("unsharing filesystem state in download thread");
+#endif
+}
+
+}