[Nix-dev] Bind mounts are Evil(TM)

Eelco Dolstra e.dolstra at tudelft.nl
Wed Oct 8 15:06:56 CEST 2008


Hi,

Ludovic Courtès wrote:

> There are days when one had better stay in bed.  Today was one of these
> for me.
> 
> This morning, I decided I'd "rm -rf" some of the things under /tmp.
> Among these things were `chroot-*' directories.  After that "rm -rf"
> succeeded, I started to stumble upon "Command not found" messages.  This
> reminded me that earlier in the morning, for some reason, `nix-env' had
> failed to unmount a bind mount in a chroot...
> 
> IOW, my harmless-looking "rm -rf" had deleted the contents of
> /nix/store, which, needless to say, is a Bad Thing.  :-)

Ai ai, I had feared this might happen.  From the Nix sources
(src/libstore/build.cc):

    if (useChroot) {
#if CHROOT_ENABLED
        /* Create a temporary directory in which we set up the chroot
           environment using bind-mounts.

           !!! Big danger here: since we're doing this in /tmp, there
           is a risk that the admin does something like "rm -rf
           /tmp/chroot-nix-*" to clean up aborted builds, and if some
           of the bind-mounts are still active, then "rm -rf" will
           happily recurse into those mount points (thereby deleting,
           say, /nix/store).  Ideally, chrootRootDir should be created in
           some special location (maybe in /nix/var/nix) where Nix
           takes care of unmounting / deleting old chroots
           automatically. */
        chrootRootDir = createTempDir("", "chroot-nix");

...

So we really should create the bind mount somewhere else...  Not that that
really fixes the problem - somebody might still "clean up" whatever directory we
use.  The only real solution would be per-process bind mounts, which would cause
the bind mount to disappear automatically when the Nix process exits (and they
wouldn't be visible for other processes, so you wouldn't be able to rm -rf
them).  (I think this is in the pipeline for the Linux kernel.)

-- 
Eelco Dolstra | http://www.st.ewi.tudelft.nl/~dolstra/
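The failure mode above is that a plain `rm -rf` recurses straight through an active bind mount. An administrator-side safeguard is to consult the mount table before deleting a stale chroot directory and to refuse when anything is still mounted beneath it. The script below is an added example and is not part of Nix or of this thread; it reads the Linux mount table from `/proc/self/mountinfo` (field 5 of each line is the mount point), with the `MOUNTINFO` variable as an assumed hook so the same logic can be checked against a constructed table. The directory name `/tmp/chroot-nix-abc123` in the comments is constructed, not taken from a real system.

```shell
#!/bin/sh
# Added example (not Nix code): refuse to "rm -rf" a chroot directory that
# still has mounts beneath it. The mount table is read from $MOUNTINFO, which
# defaults to the live Linux table and can be pointed at a constructed copy.

MOUNTINFO="${MOUNTINFO:-/proc/self/mountinfo}"

# Print every mount point located at or under the directory $1, one per line.
# In /proc/self/mountinfo the 5th whitespace-separated field is the mount
# point (the kernel escapes spaces in paths as \040, so such paths are
# compared in their escaped form).
mounts_under() {
    dir=${1%/}
    awk -v dir="$dir" '{
        mp = $5
        if (mp == dir || index(mp, dir "/") == 1) print mp
    }' "$MOUNTINFO"
}

# Delete the directory $1 only if nothing is mounted at or under it.
# Returns 0 after deleting, 1 when it refuses because mounts are still
# active (they are listed on stderr), and 2 if rm itself fails.
safe_remove_chroot() {
    target=$1
    busy=$(mounts_under "$target")
    if [ -n "$busy" ]; then
        echo "refusing to remove $target: still mounted beneath it:" >&2
        echo "$busy" >&2
        return 1
    fi
    rm -rf -- "$target" || return 2
}

# Typical cleanup of aborted builds: skip anything that is still mounted.
# for d in /tmp/chroot-nix-*; do safe_remove_chroot "$d" || true; done
```

Checking the mount table rather than relying on `rm --one-file-system` matters for exactly this case: a bind mount of `/nix/store` into `/tmp/chroot-nix-*` reports the same `st_dev` as its source when `/tmp` and `/nix` live on the same filesystem, so a device-number check cannot tell the bind mount apart from an ordinary subdirectory. The per-process bind mounts the reply wishes for correspond to Linux mount namespaces, where a mount made after `unshare(CLONE_NEWNS)` is invisible to other processes and vanishes with the last process in the namespace; this script is the fallback for chroots that were set up in the shared namespace.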
