[bug#28134] Nix daemon incorrectly decodes octal escapes in mount names

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#28134] Nix daemon incorrectly decodes octal escapes in mount names

From:	Andy Wingo
Subject:	[bug#28134] Nix daemon incorrectly decodes octal escapes in mount names
Date:	Fri, 18 Aug 2017 11:09:06 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Hi,

With Guix at 3bfa7af41754a19faa1b3b7232fd080436ccb386 I tried to build
an installation image:

  guix system disk-image gnu/system/install.scm

However:

  guix system: error: build failed: while setting up the build environment: 
unable to make filesystem `/media/wingo/Ubuntu.04.2 LTS amd64' private: No such 
file or directory

That's weird; I do have an Ubuntu installer USB stick inserted though,
the name looks similar but a bit weird...

  $ ls /media/wingo
  'Ubuntu 16.04.2 LTS amd64'

  $ mount | grep wingo
  /dev/sdc1 on /media/wingo/Ubuntu 16.04.2 LTS amd64 type iso9660 
(ro,nosuid,nodev,relatime,uid=1000,gid=1000,iocharset=utf8,mode=0400,dmode=0500,uhelper=udisks2)

  $ grep wingo /proc/self/mountinfo
  89 22 8:33 / /media/wingo/Ubuntu\04016.04.2\040LTS\040amd64 
ro,nosuid,nodev,relatime - iso9660 /dev/sdc1 
ro,uid=1000,gid=1000,iocharset=utf8,mode=0400,dmode=0500

I see in nix/libstore.build.cc around line 2090:

  /* Make all filesystems private.  This is necessary
     because subtrees may have been mounted as "shared"
     (MS_SHARED).  (Systemd does this, for instance.)  Even
     though we have a private mount namespace, mounting
     filesystems on top of a shared subtree still propagates
     outside of the namespace.  Making a subtree private is
     local to the namespace, though, so setting MS_PRIVATE
     does not affect the outside world. */
  Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", 
true), "\n");
  foreach (Strings::iterator, i, mounts) {
      vector<string> fields = tokenizeString<vector<string> >(*i, " ");
      string fs = decodeOctalEscaped(fields.at(4));
      if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
          throw SysError(format("unable to make filesystem `%1%' private") % 
fs);
  }

I guess it would seem that decodeOctalEscaped didn't work?  Indeed, from 
nix/libutil/util.cc:

  string decodeOctalEscaped(const string & s)
  {
      string r;
      for (string::const_iterator i = s.begin(); i != s.end(); ) {
          if (*i != '\\') { r += *i++; continue; }
          unsigned char c = 0;
          ++i;
          while (i != s.end() && *i >= '0' && *i < '8')
              c = c * 8 + (*i++ - '0');
          r += c;
      }
      return r;
  }

The same code is in upstream Nix:

  https://github.com/NixOS/nix/blob/master/src/libutil/util.cc#L1143

The octal escape is generated by the kernel, ultimately by this function:

  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/seq_file.c#n416

The kernel always generates three-character octal escapes.

However it looks like upstream Nix no longer uses this function; instead
they use the MS_REC flag:

  if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
      throw SysError("unable to make '/' private mount");
  }
  
So I will change our copy of the daemon to do the same.

Andy

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#28134] Nix daemon incorrectly decodes octal escapes in mount names, Andy Wingo <=
- bug#28134: Applied in 842e0e439a22081be1b4fed7ddc21d6d228afd10, Andy Wingo, 2017/08/21

Prev by Date: [bug#28131] [PATCH] gnu: Update emacs-org to 20170814.
Next by Date: [bug#28135] Updating gobby
Previous by thread: [bug#27887] [PATCH] services: Add libvirt services
Next by thread: bug#28134: Applied in 842e0e439a22081be1b4fed7ddc21d6d228afd10
Index(es):
- Date
- Thread