Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sandbox] Run sandbox from common execroot #8849

Closed
wants to merge 2 commits into from
Closed

[sandbox] Run sandbox from common execroot #8849

wants to merge 2 commits into from

Conversation

rongjiecomputer
Copy link
Contributor

@rongjiecomputer rongjiecomputer commented Jul 10, 2019
edited
Loading

Make sandboxed process run under main execroot instead of unique sandboxed execroot. This way, we do not need to copy/symlink input files before execution and clean up sandbox base after execution.

Summary of how it works:

  • windows-sandbox blocks all file access under current directory (main execroot).
  • Declared input paths will be marked readable.
  • Declared output paths will be marked writable.
  • If sandboxed process tries to open file for read/write when the path is not marked with that permission, the operation will fail (e.g. fopen will return nullptr).

@rongjiecomputer rongjiecomputer requested a review from philwo as a code owner July 10, 2019 13:10
@rongjiecomputer
Copy link
Contributor Author

/cc @laszlocsomor

I have ported one integration test, will send it in another PR later.

@laszlocsomor laszlocsomor self-requested a review July 10, 2019 13:12
@laszlocsomor laszlocsomor self-assigned this Jul 10, 2019
laszlocsomor
laszlocsomor suggested changes Jul 10, 2019
View reviewed changes
Copy link
Contributor

@laszlocsomor laszlocsomor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For future readers' sake, please add more information to the PR description about the motivation.

src/main/java/com/google/devtools/build/lib/sandbox/AbstractSandboxSpawnRunner.java Show resolved Hide resolved
src/main/java/com/google/devtools/build/lib/sandbox/DummySandboxedSpawn.java Outdated Show resolved Hide resolved
src/main/java/com/google/devtools/build/lib/sandbox/DummySandboxedSpawn.java Outdated Show resolved Hide resolved
src/main/java/com/google/devtools/build/lib/sandbox/DummySandboxedSpawn.java Outdated Show resolved Hide resolved
src/main/java/com/google/devtools/build/lib/sandbox/WindowsSandboxedSpawnRunner.java Outdated Show resolved Hide resolved
@rongjiecomputer
Copy link
Contributor Author

I have added PR description, PTAL.

laszlocsomor
laszlocsomor approved these changes Jul 10, 2019
View reviewed changes
Copy link
Contributor

@laszlocsomor laszlocsomor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice! Thanks!

@bazel-io bazel-io closed this in 6605b23 Jul 10, 2019
irengrig pushed a commit to irengrig/bazel that referenced this pull request Jul 15, 2019
@rongjiecomputer @irengrig
[sandbox] Run sandbox from common execroot
11a2f4a 
Make sandboxed process run under main execroot instead of unique sandboxed execroot. This way, we do not need to copy/symlink input files before execution and clean up sandbox base after execution.

Summary of how it works:

- `windows-sandbox` blocks all file access under current directory (main execroot).
- Declared input paths will be marked readable.
- Declared output paths will be marked writable.
- If sandboxed process tries to open file for read/write when the path is not marked with that permission, the operation will fail (e.g. `fopen` will return `nullptr`).

Closes bazelbuild#8849.

PiperOrigin-RevId: 257408096
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laszlocsomor laszlocsomor laszlocsomor approved these changes

@philwo philwo Awaiting requested review from philwo

Assignees

@laszlocsomor laszlocsomor

Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rongjiecomputer @laszlocsomor @googlebot