mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Restore parent mount namespace before executing a child process

Browse source 
This ensures that they can't write to /nix/store. Fixes #2535.
This commit is contained in:
Eelco Dolstra 2018-11-13 16:15:30 +01:00
parent 56f6e382be
commit a0ef21262f
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
8 changed files with 48 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/libutil/util.hh
View file

@ -514,4 +514,13 @@ typedef std::function<bool(const Path & path)> PathFilter;
extern PathFilter defaultPathFilter;
/* Save the current mount namespace. Ignored if called more than
once. */
void saveMountNamespace();
/* Restore the mount namespace saved by saveMountNamespace(). Ignored
if saveMountNamespace() was never called. */
void restoreMountNamespace();
}