Branch: refs/heads/master
Home: https://github.com/NixOS/nix
Commit: 524f89f1399724e596f61faba2c6861b1bb7b9c5
https://github.com/NixOS/nix/commit/524f89f1399724e596f61faba2c6861b1bb7b9c5
Author: Eelco Dolstra <[email protected]>
Date: 2014-08-21 (Thu, 21 Aug 2014)
Changed paths:
M src/libstore/build.cc
Log Message:
-----------
Use unshare() instead of clone()
It turns out that using clone() to start a child process is unsafe in
a multithreaded program. It can cause the initialisation of a build
child process to hang in setgroups(), as seen several times in the
build farm:
The reason is that Glibc thinks that the other threads of the parent
exist in the child, so in setxid_mark_thread() it tries to get a futex
that has been acquired by another thread just before the clone(). With
fork(), Glibc runs pthread_atfork() handlers that take care of this
(in particular, __reclaim_stacks()). But clone() doesn't do that.
Fortunately, we can use fork()+unshare() instead of clone() to set up
private namespaces.
See also
https://www.mail-archive.com/[email protected]/msg03434.html.
_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits
