sandbox: Easier debugging of sandbox failures, when using both --verb…

…ose_failures and --sandbox_debug. RELNOTES: - When using both --verbose_failures and --sandbox_debug, Bazel prints instructions how to spawn a debugging shell inside the sandbox. - When namespace-sandbox is run with the -D (debug) flag and inside a terminal, it spawns a shell inside the sandbox to aid in debugging when the sandboxed command fails. -- MOS_MIGRATED_REVID=114953983
bazelbuild · Feb 19, 2016 · 40ee9de · 40ee9de
1 parent 9f93673
commit 40ee9de
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 6 deletions.
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/NamespaceSandboxRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/NamespaceSandboxRunner.java
@@ -47,6 +47,11 @@
 public class NamespaceSandboxRunner {
   private static final String NAMESPACE_SANDBOX =
       "namespace-sandbox" + OsUtils.executableExtension();
+  private static final String SANDBOX_TIP =
+      "\n\nSandboxed execution failed, which may be legitimate (e.g. a compiler error), "
+          + "or due to missing dependencies. To enter the sandbox environment for easier debugging,"
+          + " run the following command in brackets. On command failure, "
+          + "a bash shell running inside the sandbox will then automatically be spawned\n\n";
   private final Path execRoot;
   private final Path sandboxPath;
   private final Path sandboxExecRoot;
@@ -198,8 +203,9 @@ public void run(
       }
       String message =
           CommandFailureUtils.describeCommandFailure(
-              verboseFailures, spawnArguments, env, cwd.getPath());
-      throw new UserExecException(message, e, timedOut);
+              verboseFailures, commandLineArgs, env, cwd.getPath());
+      String finalMsg = (sandboxDebug && verboseFailures) ? SANDBOX_TIP + message : message;
+      throw new UserExecException(finalMsg, e, timedOut);
     } finally {
       copyOutputs(outputs);
     }
@@ -230,7 +236,7 @@ public void cleanup() throws IOException {
     if (sandboxPath.exists()) {
       FileSystemUtils.deleteTree(sandboxPath);
     }
-    if (argumentsFilePath.exists()) {
+    if (!sandboxDebug && argumentsFilePath.exists()) {
       argumentsFilePath.delete();
     }
   }

diff --git a/src/main/tools/namespace-sandbox.c b/src/main/tools/namespace-sandbox.c
@@ -16,6 +16,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <ftw.h>
 #include <libgen.h>
 #include <limits.h>
 #include <pwd.h>
@@ -476,7 +477,31 @@ static void SetupDevices() {
   CHECK_CALL(symlink("/proc/self/fd", "dev/fd"));
 }
 
+static int rmrf(const char *fpath, const struct stat *sb, int typeflag,
+                struct FTW *ftwbuf) {
+  if (typeflag == FTW_DP) {
+    return rmdir(fpath);
+  } else {
+    return unlink(fpath);
+  }
+}
+
 static void SetupDirectories(struct Options *opt) {
+  // If in sandbox_debug mode and debugging, create the sandbox root dir first
+  if (global_debug && isatty(fileno(stdin))) {
+    // Enter sandbox_debug mode a second time, delete old sandbox
+    struct stat sb;
+    int err = stat(opt->sandbox_root, &sb);
+    if (err == 0) {
+      CHECK_CALL(nftw(opt->sandbox_root, *rmrf, sysconf(_SC_OPEN_MAX),
+                      FTW_DEPTH | FTW_PHYS));
+    } else if (errno != ENOENT) {
+      CHECK_CALL(err);
+    }
+
+    CHECK_CALL(mkdir(opt->sandbox_root, 0755));
+  }
+
   // Mount the sandbox and go there.
   CHECK_CALL(mount(opt->sandbox_root, opt->sandbox_root, NULL,
                    MS_BIND | MS_NOSUID, NULL));
@@ -653,11 +678,11 @@ void OnSignal(int sig) {
 
 // Run the command specified by the argv array and kill it after timeout
 // seconds.
-static void SpawnCommand(char *const *argv, double timeout_secs) {
+static void SpawnCommand(char *const *argv, double timeout_secs,
+                         bool isFallback) {
   for (int i = 0; argv[i] != NULL; i++) {
     PRINT_DEBUG("arg: %s\n", argv[i]);
   }
-
   CHECK_CALL(global_child_pid = fork());
   if (global_child_pid == 0) {
     // In child.
@@ -691,6 +716,13 @@ static void SpawnCommand(char *const *argv, double timeout_secs) {
       UnHandle(global_signal);
       raise(global_signal);
     } else if (WIFEXITED(status)) {
+      if (global_debug && !isFallback && isatty(fileno(stdin)) &&
+          WEXITSTATUS(status) > 0) {
+        char **cmdList = calloc(2, sizeof(char *));
+        cmdList[0] = "/bin/bash";
+        cmdList[1] = NULL;
+        SpawnCommand(cmdList, 0, true);
+      }
       exit(WEXITSTATUS(status));
     } else {
       int sig = WTERMSIG(status);
@@ -749,7 +781,7 @@ int main(int argc, char *const argv[]) {
   }
   ChangeRoot(&opt);
 
-  SpawnCommand(opt.args, opt.timeout_secs);
+  SpawnCommand(opt.args, opt.timeout_secs, false);
 
   free(opt.create_dirs);
   free(opt.mount_sources);