Revert "Restore parent mount namespace before executing a child process"

This reverts commit a0ef21262f. This doesn't work in 'nix run' and nix-shell because setns() fails in multithreaded programs, and Boehm GC mark threads are uncancellable. Fixes #2646.
2019-02-05 10:49:19 +01:00 · 2019-02-05 10:49:19 +01:00 · 01d07b1e92
parent 92d08c02c8
commit 01d07b1e92
9 changed files with 4 additions and 52 deletions
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@ -2193,7 +2193,6 @@ void DerivationGoal::startBuilder()
        userNamespaceSync.create();

        options.allowVfork = false;
-        options.restoreMountNamespace = false;

        Pid helper = startProcess([&]() {

@ -2260,7 +2259,6 @@ void DerivationGoal::startBuilder()
 #endif
    {
        options.allowVfork = !buildUser && !drv->isBuiltin();
-        options.restoreMountNamespace = false;
        pid = startProcess([&]() {
            runChild();
        }, options);
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@ -366,8 +366,6 @@ void LocalStore::makeStoreWritable()
        throw SysError("getting info about the Nix store mount point");

    if (stat.f_flag & ST_RDONLY) {
-        saveMountNamespace();
-
        if (unshare(CLONE_NEWNS) == -1)
            throw SysError("setting up a private mount namespace");

--- a/src/libstore/ssh.cc
+++ b/src/libstore/ssh.cc
@ -1,5 +1,4 @@
 #include "ssh.hh"
-#include "affinity.hh"

 namespace nix {

@ -35,9 +34,7 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string

    auto conn = std::make_unique<Connection>();
    conn->sshPid = startProcess([&]() {
-        restoreAffinity();
        restoreSignals();
-        restoreMountNamespace();

        close(in.writeSide.get());
        close(out.readSide.get());
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@ -936,8 +936,6 @@ pid_t startProcess(std::function<void()> fun, const ProcessOptions & options)
                throw SysError("setting death signal");
 #endif
            restoreAffinity();
-            if (options.restoreMountNamespace)
-                restoreMountNamespace();
            fun();
        } catch (std::exception & e) {
            try {
@ -1506,26 +1504,4 @@ std::unique_ptr<InterruptCallback> createInterruptCallback(std::function<void()>
    return std::unique_ptr<InterruptCallback>(res.release());
 }

-static AutoCloseFD fdSavedMountNamespace;
-
-void saveMountNamespace()
-{
-#if __linux__
-    std::once_flag done;
-    std::call_once(done, []() {
-        fdSavedMountNamespace = open("/proc/self/ns/mnt", O_RDONLY);
-        if (!fdSavedMountNamespace)
-            throw SysError("saving parent mount namespace");
-    });
-#endif
-}
-
-void restoreMountNamespace()
-{
-#if __linux__
-    if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1)
-        throw SysError("restoring parent mount namespace");
-#endif
-}
-
 }
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@ -250,7 +250,6 @@ struct ProcessOptions
    bool dieWithParent = true;
    bool runExitHandlers = false;
    bool allowVfork = true;
-    bool restoreMountNamespace = true;
 };

 pid_t startProcess(std::function<void()> fun, const ProcessOptions & options = ProcessOptions());
@ -515,13 +514,4 @@ typedef std::function<bool(const Path & path)> PathFilter;
 extern PathFilter defaultPathFilter;


-/* Save the current mount namespace. Ignored if called more than
-   once. */
-void saveMountNamespace();
-
-/* Restore the mount namespace saved by saveMountNamespace(). Ignored
-   if saveMountNamespace() was never called. */
-void restoreMountNamespace();
-
-
 }
--- a/src/nix-build/nix-build.cc
+++ b/src/nix-build/nix-build.cc
@ -401,6 +401,8 @@ static void _main(int argc, char * * argv)
            } else
                env[var.first] = var.second;

+        restoreAffinity();
+
        /* Run a shell using the derivation's environment.  For
           convenience, source $stdenv/setup to setup additional
           environment variables and shell functions.  Also don't
@ -444,9 +446,7 @@ static void _main(int argc, char * * argv)

        auto argPtrs = stringsToCharPtrs(args);

-        restoreAffinity();
        restoreSignals();
-        restoreMountNamespace();

        execvp(shell.c_str(), argPtrs.data());

--- a/src/nix/edit.cc
+++ b/src/nix/edit.cc
@ -3,7 +3,6 @@
 #include "eval.hh"
 #include "attr-path.hh"
 #include "progress-bar.hh"
-#include "affinity.hh"

 #include <unistd.h>

@ -73,10 +72,6 @@ struct CmdEdit : InstallableCommand

        stopProgressBar();

-        restoreAffinity();
-        restoreSignals();
-        restoreMountNamespace();
-
        execvp(args.front().c_str(), stringsToCharPtrs(args).data());

        throw SysError("cannot run editor '%s'", editor);
--- a/src/nix/repl.cc
+++ b/src/nix/repl.cc
@ -337,8 +337,6 @@ static int runProgram(const string & program, const Strings & args)
    if (pid == -1) throw SysError("forking");
    if (pid == 0) {
        restoreAffinity();
-        restoreSignals();
-        restoreMountNamespace();
        execvp(program.c_str(), stringsToCharPtrs(args2).data());
        _exit(1);
    }
--- a/src/nix/run.cc
+++ b/src/nix/run.cc
@ -153,9 +153,9 @@ struct CmdRun : InstallablesCommand

        stopProgressBar();

-        restoreAffinity();
        restoreSignals();
-        restoreMountNamespace();
+
+        restoreAffinity();

        /* If this is a diverted store (i.e. its "logical" location
           (typically /nix/store) differs from its "physical" location