Fix 'Read-only file system' when building a derivation

src/libstore/build.cc

@@ -2193,6 +2193,7 @@ void DerivationGoal::startBuilder()
         userNamespaceSync.create();
 
         options.allowVfork = false;
+        options.restoreMountNamespace = false;
 
         Pid helper = startProcess([&]() {
 
@@ -2259,6 +2260,7 @@ void DerivationGoal::startBuilder()
 #endif
     {
         options.allowVfork = !buildUser && !drv->isBuiltin();
+        options.restoreMountNamespace = false;
         pid = startProcess([&]() {
             runChild();
         }, options);

src/libutil/util.cc

@@ -936,7 +936,8 @@ pid_t startProcess(std::function<void()> fun, const ProcessOptions & options)
                 throw SysError("setting death signal");
 #endif
             restoreAffinity();
-            restoreMountNamespace();
+            if (options.restoreMountNamespace)
+                restoreMountNamespace();
             fun();
         } catch (std::exception & e) {
             try {

src/libutil/util.hh

@@ -250,6 +250,7 @@ struct ProcessOptions
     bool dieWithParent = true;
     bool runExitHandlers = false;
     bool allowVfork = true;
+    bool restoreMountNamespace = true;
 };
 
 pid_t startProcess(std::function<void()> fun, const ProcessOptions & options = ProcessOptions());