Merge pull request ocaml#3399 from gasche/ccache-sandbox

if 'ccache' is installed, add its cache directory to the sandbox (rw)
OCamlPro · Jun 13, 2018 · 668f599 · 668f599
2 parents 20066e2 + 74dba6b
commit 668f599
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/src/state/shellscripts/bwrap.sh b/src/state/shellscripts/bwrap.sh
@@ -25,12 +25,29 @@ add_mounts() {
 
 add_mounts ro /usr /bin /lib /lib32 /lib64 /etc /opt /nix/store /home
 
+# C compilers using `ccache` will write to a shared cache directory
+# that remain writeable. ccache seems widespread in some Fedora systems.
+add_ccache_mount() {
+  if command -v ccache > /dev/null; then
+      CCACHE_DIR=$HOME/.ccache
+      ccache_dir_regex='cache_dir = (.*)$'
+      local IFS=$'\n'
+      for f in $(ccache --print-config); do
+        if [[ $f =~ $ccache_dir_regex ]]; then
+          CCACHE_DIR=${BASH_REMATCH[1]}
+        fi
+      done
+      add_mounts rw $CCACHE_DIR
+  fi
+}
+
 # This case-switch should remain identical between the different sandbox implems
 COMMAND="$1"; shift
 case "$COMMAND" in
     build)
         add_mounts ro "$OPAM_SWITCH_PREFIX"
         add_mounts rw "$PWD"
+        add_ccache_mount
         ;;
     install)
         add_mounts rw "$OPAM_SWITCH_PREFIX"

diff --git a/src/state/shellscripts/sandbox_exec.sh b/src/state/shellscripts/sandbox_exec.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -ue
+#!/bin/bash -ue
 
 POL='(version 1)(allow default)(deny network*)(deny file-write*)'
 POL="$POL"'(allow file-write* (literal "/dev/null"))'
@@ -13,12 +13,29 @@ add_mounts() {
 
 add_mounts rw "${TMPDIR:-/tmp}"
 
+# C compilers using `ccache` will write to a shared cache directory
+# that remain writeable. ccache seems widespread in some Fedora systems.
+add_ccache_mount() {
+  if command -v ccache > /dev/null; then
+      CCACHE_DIR=$HOME/.ccache
+      ccache_dir_regex='cache_dir = (.*)$'
+      local IFS=$'\n'
+      for f in $(ccache --print-config); do
+        if [[ $f =~ $ccache_dir_regex ]]; then
+          CCACHE_DIR=${BASH_REMATCH[1]}
+        fi
+      done
+      add_mounts rw $CCACHE_DIR
+  fi
+}
+
 # This case-switch should remain identical between the different sandbox implems
 COMMAND="$1"; shift
 case "$COMMAND" in
     build)
         add_mounts ro "$OPAM_SWITCH_PREFIX"
         add_mounts rw "$PWD"
+        add_ccache_mount
         ;;
     install)
         add_mounts rw "$OPAM_SWITCH_PREFIX"