-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sandbox can mishandle symlink outputs #4987
Labels
Comments
benjaminp
added a commit
to benjaminp/bazel
that referenced
this issue
Apr 10, 2018
…SandboxedSpawn.copyOutputs. Previously, if moveFile fell back to copying from a true rename (e.g., if the move is across file systems), it would fully dereference the source and produce a regular file at the output location. This CL fixes moveFile to properly copy symlinks. Note we don't preserve metadata in the symlink case mostly because the Bazel VFS has no API to write metadata without dereferencing symlinks. (But, also, it's not important for the current use cases.) This breaks the backward-compatibility of FileSystemUtils.moveFile and FileSystemUtils.moveTreeBelow. This seems okay because the new behavior makes more sense, and sandbox is the only consumer of these APIs. Switching SandboxedSpawn.copyOutputs to use FileSystemUtils.moveFile rather than Guava's Files.move fixes bazelbuild#4987. Change-Id: I0283e8aa11fadff5b0afd7bdfd0490aca12a1f6b
benjaminp
added a commit
to benjaminp/bazel
that referenced
this issue
Apr 10, 2018
…SandboxedSpawn.copyOutputs. Previously, if moveFile fell back to copying from a true rename (e.g., if the move is across file systems), it would fully dereference the source and produce a regular file at the output location. This CL fixes moveFile to properly copy symlinks. Note we don't preserve metadata in the symlink case mostly because the Bazel VFS has no API to write metadata without dereferencing symlinks. (But, also, it's not important for the current use cases.) This breaks the backward-compatibility of FileSystemUtils.moveFile and FileSystemUtils.moveTreeBelow. This seems okay because the new behavior makes more sense, and sandbox is the only consumer of these APIs. Switching SandboxedSpawn.copyOutputs to use FileSystemUtils.moveFile rather than Guava's Files.move fixes bazelbuild#4987. Change-Id: I0283e8aa11fadff5b0afd7bdfd0490aca12a1f6b
luca-digrazia
pushed a commit
to luca-digrazia/DatasetCommitsDiffSearch
that referenced
this issue
Sep 4, 2022
… SandboxedSpawn.copyOutputs. Previously, if moveFile fell back to copying from a true rename (e.g., if the move is across file systems), it would fully dereference the source and produce a regular file at the output location. This CL fixes moveFile to properly copy symlinks. Note we don't preserve metadata in the symlink case mostly because the Bazel VFS has no API to write metadata without dereferencing symlinks. (But, also, it's not important for the current use cases.) This breaks the backward-compatibility of FileSystemUtils.moveFile and FileSystemUtils.moveTreeBelow. This seems okay because the new behavior makes more sense, and sandbox is the only consumer of these APIs. Switching SandboxedSpawn.copyOutputs to use FileSystemUtils.moveFile rather than Guava's Files.move fixes bazelbuild/bazel#4987. Closes #4989. Change-Id: I0283e8aa11fadff5b0afd7bdfd0490aca12a1f6b PiperOrigin-RevId: 192611227
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Consider these genrules that emit symlinks:
So far, so good. Unfortunately, things work less well when the real execroot is on a different filesystem than the sandbox execroot:
Not only does the building one of the genrules fail, but the sandbox has silently replaced the symbolic link
link2
with a regular file!The text was updated successfully, but these errors were encountered: