Add integration tests for the experimental hardened worker sandbox. Fixes the problem where the worker sandbox would die due to the parent _thread_ dying by adding a linux-sandbox flag for persistent processes.
PiperOrigin-RevId: 492139916
Change-Id: Icf952a19530f447e916c801d6e512f13eb4b295d
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java
index 60e6bcd..8d03d61 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java
@@ -38,6 +38,7 @@
private Path workingDirectory;
private Duration timeout;
private Duration killDelay;
+ private boolean persistentProcess;
private Path stdoutPath;
private Path stderrPath;
private Set<Path> writableFilesAndDirectories = ImmutableSet.of();
@@ -97,6 +98,12 @@
return this;
}
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setPersistentProcess(boolean persistentProcess) {
+ this.persistentProcess = persistentProcess;
+ return this;
+ }
+
/** Sets the path to use for redirecting stdout, if any. */
@CanIgnoreReturnValue
public LinuxSandboxCommandLineBuilder setStdoutPath(Path stdoutPath) {
@@ -263,6 +270,9 @@
if (sigintSendsSigterm) {
commandLineBuilder.add("-i");
}
+ if (persistentProcess) {
+ commandLineBuilder.add("-p");
+ }
commandLineBuilder.add("--");
commandLineBuilder.addAll(commandArguments);
