Merge branch 'master' into staging

4 files changed, 13 insertions, 30 deletions

diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index a93095dd1e..d68e8b2bc0 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -2009,10 +2009,10 @@ void DerivationGoal::startBuilder()
 	char stack[32 * 1024];
 	int flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | SIGCHLD;
 	if (!fixedOutput) flags |= CLONE_NEWNET;
-
 	/* Ensure proper alignment on the stack.  On aarch64, it has to be 16
 	   bytes.  */
-	pid = clone(childEntry, (char *)(((uintptr_t)stack + 16) & ~0xf),
+	pid = clone(childEntry,
+		    (char *)(((uintptr_t)stack + sizeof(stack) - 8) & ~(uintptr_t)0xf),
 		    flags, this);
 	if (pid == -1)
 	    throw SysError("cloning builder process");
@@ -2086,12 +2086,8 @@ void DerivationGoal::runChild()
                outside of the namespace.  Making a subtree private is
                local to the namespace, though, so setting MS_PRIVATE
                does not affect the outside world. */
-            Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n");
-            foreach (Strings::iterator, i, mounts) {
-                vector<string> fields = tokenizeString<vector<string> >(*i, " ");
-                string fs = decodeOctalEscaped(fields.at(4));
-                if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
-                    throw SysError(format("unable to make filesystem `%1%' private") % fs);
+            if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
+                throw SysError("unable to make ‘/’ private mount");
             }
 
             /* Bind-mount chroot directory to itself, to treat it as a
diff --git a/nix/libutil/util.cc b/nix/libutil/util.cc
index c07754487e..768e12b5e4 100644
--- a/nix/libutil/util.cc
+++ b/nix/libutil/util.cc
@@ -1106,21 +1106,6 @@ bool endOfList(std::istream & str)
 }
 
 
-string decodeOctalEscaped(const string & s)
-{
-    string r;
-    for (string::const_iterator i = s.begin(); i != s.end(); ) {
-        if (*i != '\\') { r += *i++; continue; }
-        unsigned char c = 0;
-        ++i;
-        while (i != s.end() && *i >= '0' && *i < '8')
-            c = c * 8 + (*i++ - '0');
-        r += c;
-    }
-    return r;
-}
-
-
 void ignoreException()
 {
     try {
diff --git a/nix/libutil/util.hh b/nix/libutil/util.hh
index e84d64d10a..6a6e07c478 100644
--- a/nix/libutil/util.hh
+++ b/nix/libutil/util.hh
@@ -356,12 +356,6 @@ string parseString(std::istream & str);
 bool endOfList(std::istream & str);
 
 
-/* Escape a string that contains octal-encoded escape codes such as
-   used in /etc/fstab and /proc/mounts (e.g. "foo\040bar" decodes to
-   "foo bar"). */
-string decodeOctalEscaped(const string & s);
-
-
 /* Exception handling in destructors: print an error message, then
    ignore the exception. */
 void ignoreException();
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 7d26b61354..deb7003d7e 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -436,7 +436,15 @@ static void performOp(bool trusted, unsigned int clientVersion,
         bool sign = readInt(from) == 1;
         startWork();
         TunnelSink sink(to);
-        store->exportPath(path, sign, sink);
+	try {
+	    store->exportPath(path, sign, sink);
+	}
+	catch (Error &e) {
+	    /* Flush SINK beforehand or its destructor will rightfully trigger
+	       an assertion failure.  */
+	    sink.flush();
+	    throw e;
+	}
         sink.flush();
         stopWork();
         writeInt(1, to);