Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix sandboxing hermetic tmp to take into account sandbox_base #22435

Closed
wants to merge 2 commits into from
Closed

Fix sandboxing hermetic tmp to take into account sandbox_base #22435

wants to merge 2 commits into from

Conversation

oquenchil
Copy link
Contributor

@oquenchil oquenchil commented May 17, 2024
edited

The logic for sandboxing hermetic tmp needs to take into account all paths under /tmp used during the build. A user may also pass a sandbox_base under /tmp even when the output_base is not. This change adds sandbox_base to the list.

Fix suggested by fmeum

@github-actions github-actions bot added team-Local-Exec Issues and PRs for the Execution (Local) team awaiting-review PR is awaiting review from an assigned reviewer labels May 17, 2024
fmeum
fmeum approved these changes May 17, 2024
View reviewed changes
Copy link
Collaborator

@fmeum fmeum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you remove the @ mention from the commit message during import? If it ends up in a commit on master, every Bazel fork would ping me.

src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java Outdated Show resolved Hide resolved
@fmeum
Copy link
Collaborator

fmeum commented May 17, 2024

@bazel-io fork 7.2.0

@bazel-io bazel-io mentioned this pull request May 17, 2024
Closed
@oquenchil @fmeum
Update src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandb…
e7204fc 
…oxedSpawnRunner.java

Co-authored-by: Fabian Meumertzheim <fabian@meumertzhe.im>
@oquenchil oquenchil added awaiting-PR-merge PR has been approved by a reviewer and is ready to be merge internally and removed awaiting-review PR is awaiting review from an assigned reviewer labels May 20, 2024
@github-actions github-actions bot removed the awaiting-PR-merge PR has been approved by a reviewer and is ready to be merge internally label May 20, 2024
bazel-io pushed a commit to bazel-io/bazel that referenced this pull request May 20, 2024
@oquenchil @bazel-io
Fix sandboxing hermetic tmp to take into account sandbox_base
12c0a80 
The logic for sandboxing hermetic tmp needs to take into account all paths under `/tmp` used during the build. A user may also pass a `sandbox_base` under `/tmp` even when the `output_base` is not. This change adds `sandbox_base` to the list.

Fix suggested by fmeum

Closes bazelbuild#22435.

PiperOrigin-RevId: 635382607
Change-Id: I32497a514ff16e64a0e0d84c307f280d3d37544b
@bazel-io bazel-io mentioned this pull request May 20, 2024
Merged
github-merge-queue bot pushed a commit that referenced this pull request May 20, 2024
@bazel-io @oquenchil
[7.2.0] Fix sandboxing hermetic tmp to take into account sandbox_base (
b229d83 
…#22450)

The logic for sandboxing hermetic tmp needs to take into account all
paths under `/tmp` used during the build. A user may also pass a
`sandbox_base` under `/tmp` even when the `output_base` is not. This
change adds `sandbox_base` to the list.

Fix suggested by fmeum

Closes #22435.

PiperOrigin-RevId: 635382607
Change-Id: I32497a514ff16e64a0e0d84c307f280d3d37544b

Commit
eebf5f9

Co-authored-by: oquenchil <23365806+oquenchil@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmeum fmeum fmeum approved these changes

Assignees
No one assigned
Labels
team-Local-Exec Issues and PRs for the Execution (Local) team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@oquenchil @fmeum