mirror of https://github.com/NixOS/nix, synced 2025-06-28 01:11:15 +02:00
Fix auto-uid-allocation in Docker containers
This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13).
parent 1ba13b17db
commit fb2f7f5dcc
3 changed files with 91 additions and 63 deletions
9
src/libutil/namespaces.hh
Normal file
|
@ -0,0 +1,9 @@
|
|||
#pragma once
|
||||
|
||||
namespace nix {
|
||||
|
||||
bool userNamespacesSupported();
|
||||
|
||||
bool mountNamespacesSupported();
|
||||
|
||||
}
|
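Review bot: the two declarations `bool userNamespacesSupported();` and `bool mountNamespacesSupported();` carry no doc comments, although per the commit message their answer now decides whether sandboxing and UID allocation proceed. Please document for each what "supported" means (the kernel feature exists, or the current process is actually able to create such a namespace, which is the case that differs inside Docker), whether the result is computed once and cached or probed again on every call, and what is returned on non-Linux platforms. A short comment stating that both are meant to be called early, before UID allocation, would make the intended ordering visible to future callers of this header.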