Hi,
Ludovic Courtès wrote:
> There are days when one had better stay in bed. Today was one of these
> for me.
>
> This morning, I decided I'd "rm -rf" some of the things under /tmp.
> Among these things were `chroot-*' directories. After that "rm -rf"
> succeeded, I started to stumble upon "Command not found" messages. This
> reminded me that earlier in the morning, for some reason, `nix-env' had
> failed to unmount a bind mount in a chroot...
>
> IOW, my harmless-looking "rm -rf" had deleted the contents of
> /nix/store, which, needless to say, is a Bad Thing. :-)
Ai ai, I had feared this might happen. From the Nix sources
(src/libstore/build.cc):
if (useChroot) {
#if CHROOT_ENABLED
/* Create a temporary directory in which we set up the chroot
environment using bind-mounts.
!!! Big danger here: since we're doing this in /tmp, there
is a risk that the admin does something like "rm -rf
/tmp/chroot-nix-*" to clean up aborted builds, and if some
of the bind-mounts are still active, then "rm -rf" will
happily recurse into those mount points (thereby deleting,
say, /nix/store). Ideally, chrootRootDir should be created in
some special location (maybe in /nix/var/nix) where Nix
takes care of unmounting / deleting old chroots
automatically. */
chrootRootDir = createTempDir("", "chroot-nix");
...
So we really should create the bind mount somewhere else... Not that that
really fixes the problem - somebody might still "clean up" whatever directory we
use. The only real solution would be per-process bind mounts, which would cause
the bind mount to disappear automatically when the Nix process exits (and they
wouldn't be visible for other processes, so you wouldn't be able to rm -rf
them). (I think this is in the pipeline for the Linux kernel.)
--
Eelco Dolstra | http://www.st.ewi.tudelft.nl/~dolstra/