-rw-r--r--pkgs/build-support/build-sandbox/src/setup.c17
-rw-r--r--tests/sandbox.nix7
2 files changed, 18 insertions, 6 deletions
diff --git a/pkgs/build-support/build-sandbox/src/setup.c b/pkgs/build-support/build-sandbox/src/setup.c
index dc8bbf14..63b72773 100644
--- a/pkgs/build-support/build-sandbox/src/setup.c
+++ b/pkgs/build-support/build-sandbox/src/setup.c
@@ -769,13 +769,18 @@ static bool setup_chroot(void)
     if (!bind_mount("/dev", false, false, false))
         return false;
 
-    if (!makedirs(FS_ROOT_DIR "/proc", false))
-        return false;
+#if (EXTRA_NS_FLAGS) & CLONE_NEWPID
+        if (!makedirs(FS_ROOT_DIR "/proc", false))
+            return false;
 
-    if (mount("none", FS_ROOT_DIR "/proc", "proc", 0, NULL) == -1) {
-        perror("mount /proc");
-        return false;
-    }
+        if (mount("none", FS_ROOT_DIR "/proc", "proc", 0, NULL) == -1) {
+            perror("mount /proc");
+            return false;
+        }
+#else
+        if (!bind_mount("/proc", false, false, false))
+            return false;
+#endif
 
     if (!bind_mount("/sys", false, false, false))
         return false;
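Review bot: The `#else` branch that bind-mounts the host's `/proc` has no comment saying why it is needed or what it costs in isolation: when `CLONE_NEWPID` is not in `EXTRA_NS_FLAGS`, the sandboxed program gets the host's procfs view, including entries for processes outside the sandbox. I would add above the `bind_mount("/proc", ...)` call something like `/* No new PID namespace: a fresh procfs cannot be mounted, so expose the host's /proc; host process entries become visible inside the sandbox. */` (the reason is inferred from the change, please confirm). The `#if` also evaluates to 0 without any diagnostic if `CLONE_NEWPID` is not defined as a macro at this point, which would always select the weaker branch; an `#ifndef CLONE_NEWPID` / `#error` guard after the includes would catch that. The extra indentation level inside `#if`/`#else` matches no block and differs from the surrounding 4-space statements. `setup_chroot` starts and ends outside the hunk.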
diff --git a/tests/sandbox.nix b/tests/sandbox.nix
index b9f087a0..b3ad80d1 100644
--- a/tests/sandbox.nix
+++ b/tests/sandbox.nix
@@ -135,6 +135,11 @@
         echo hello network | ${pkgs.netcat-openbsd}/bin/nc -N 127.0.0.1 3000 \
           || echo netcat has failed
       '') { namespaces.net = true; })
+
+      (pkgs.vuizvui.buildSandbox (pkgs.writeScriptBin "test-sandbox4" ''
+        #!${pkgs.stdenv.shell}
+        test $$ -gt 5 && echo no pid namespace
+      '') { namespaces.pid = false; })
     ];
     users.users.foo.isNormalUser = true;
   };
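Review bot: The new `test-sandbox4` script only checks that its PID is above 5, so it does not verify that `/proc` inside the sandbox is usable and matches the process's PID view, which is what the `setup.c` change in this commit provides for `namespaces.pid = false`. Checking the procfs entry as well would tie the test to the change: `test -d /proc/$$ && test $$ -gt 5 && echo no pid namespace`. The `-gt 5` threshold is a heuristic and deserves a one-line comment in the script, e.g. `# inside a new PID namespace the script would get a very low PID`.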
@@ -162,5 +167,7 @@
     machine.succeed('test "$(su -c test-sandbox3 foo)" = "netcat has failed"')
     machine.fail('grep -F "hello network" /tmp/netns.log')
     machine.succeed('grep -F "root netns" /tmp/netns.log')
+
+    machine.succeed('test "$(su -c test-sandbox4 foo)" = "no pid namespace"')
   '';
 }