From ec8f24ed3a3115cba85f908515c423112e5b13e0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 16 Dec 2021 21:26:22 +0100 Subject: [PATCH] Ignore EPERM when unsharing FS state On Docker (but not podman), unshare(CLONE_FS) fails with EPERM. So let's ignore it and hope nothing bad happens. Attempted fix for #5777. --- src/libstore/filetransfer.cc | 8 +------- src/libutil/util.cc | 8 ++++++++ src/libutil/util.hh | 5 +++++ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc index 4621a8217..17980ab22 100644 --- a/src/libstore/filetransfer.cc +++ b/src/libstore/filetransfer.cc @@ -544,13 +544,7 @@ struct curlFileTransfer : public FileTransfer stopWorkerThread(); }); -#ifdef __linux__ - /* Cause this thread to not share any FS attributes with the main thread, - because this causes setns() in restoreMountNamespace() to fail. - Ideally, this would happen in the std::thread() constructor. */ - if (unshare(CLONE_FS) != 0) - throw SysError("unsharing filesystem state in download thread"); -#endif + unshareFilesystem(); std::map> items; diff --git a/src/libutil/util.cc b/src/libutil/util.cc index 1b6467eb2..43fea1b1e 100644 --- a/src/libutil/util.cc +++ b/src/libutil/util.cc @@ -1660,6 +1660,14 @@ void restoreMountNamespace() #endif } +void unshareFilesystem() +{ +#ifdef __linux__ + if (unshare(CLONE_FS) != 0 && errno != EPERM) + throw SysError("unsharing filesystem state in download thread"); +#endif +} + void restoreProcessContext(bool restoreMounts) { restoreSignals(); diff --git a/src/libutil/util.hh b/src/libutil/util.hh index bc96bfed1..4cc043a84 100644 --- a/src/libutil/util.hh +++ b/src/libutil/util.hh @@ -311,6 +311,11 @@ void saveMountNamespace(); if saveMountNamespace() was never called. */ void restoreMountNamespace(); +/* Cause this thread to not share any FS attributes with the main + thread, because this causes setns() in restoreMountNamespace() to + fail. */ +void unshareFilesystem(); + class ExecError : public Error {