Split out LinuxSandboxedCommandLineBuilder to break deps.
Preparation for using linux-sandbox in worker.
PiperOrigin-RevId: 482195130
Change-Id: I14258df547d49b689486495facb9180b3cbbefa9
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/BUILD b/src/main/java/com/google/devtools/build/lib/sandbox/BUILD
index e3842d2..ba7aa36 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/BUILD
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/BUILD
@@ -10,14 +10,42 @@
java_library(
name = "sandbox",
- srcs = glob(
- ["*.java"],
- exclude = ["SandboxHelpers.java"],
- ),
+ srcs = [
+ "AbstractContainerizingSandboxedSpawn.java",
+ "AbstractSandboxSpawnRunner.java",
+ "AsynchronousTreeDeleter.java",
+ "CopyingSandboxedSpawn.java",
+ "DarwinSandboxedSpawnRunner.java",
+ "DarwinSandboxedStrategy.java",
+ "DockerCommandLineBuilder.java",
+ "DockerSandboxedSpawnRunner.java",
+ "DockerSandboxedStrategy.java",
+ "HardlinkedSandboxedSpawn.java",
+ "LinuxSandboxUtil.java",
+ "LinuxSandboxedSpawnRunner.java",
+ "LinuxSandboxedStrategy.java",
+ "ProcessWrapperSandboxedSpawnRunner.java",
+ "ProcessWrapperSandboxedStrategy.java",
+ "RealSandboxfs01Process.java",
+ "RealSandboxfs02Process.java",
+ "RealSandboxfsProcess.java",
+ "SandboxModule.java",
+ "SandboxOptions.java",
+ "SandboxedSpawn.java",
+ "SandboxfsProcess.java",
+ "SandboxfsSandboxedSpawn.java",
+ "SymlinkedSandboxedSpawn.java",
+ "SynchronousTreeDeleter.java",
+ "WindowsSandboxUtil.java",
+ "WindowsSandboxedSpawn.java",
+ "WindowsSandboxedSpawnRunner.java",
+ "WindowsSandboxedStrategy.java",
+ ],
data = [
"//src/main/tools:linux-sandbox",
],
deps = [
+ ":linux_sandbox_command_line_builder",
":sandbox_helpers",
"//src/main/java/com/google/devtools/build/lib:runtime",
"//src/main/java/com/google/devtools/build/lib/actions",
@@ -79,3 +107,16 @@
"//third_party:guava",
],
)
+
+java_library(
+ name = "linux_sandbox_command_line_builder",
+ srcs = ["LinuxSandboxCommandLineBuilder.java"],
+ data = ["//src/main/tools:linux-sandbox"],
+ deps = [
+ "//src/main/java/com/google/devtools/build/lib/actions:execution_requirements",
+ "//src/main/java/com/google/devtools/build/lib/vfs",
+ "//src/main/java/com/google/devtools/build/lib/vfs:pathfragment",
+ "//third_party:flogger",
+ "//third_party:guava",
+ ],
+)
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java
new file mode 100644
index 0000000..60e6bcd
--- /dev/null
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java
@@ -0,0 +1,271 @@
+// Copyright 2017 The Bazel Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.devtools.build.lib.sandbox;
+
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.devtools.build.lib.actions.ExecutionRequirements;
+import com.google.devtools.build.lib.vfs.Path;
+import com.google.devtools.build.lib.vfs.PathFragment;
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
+import java.time.Duration;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * A builder class for constructing the full command line to run a command using the {@code
+ * linux-sandbox} tool.
+ */
+public class LinuxSandboxCommandLineBuilder {
+ private final Path linuxSandboxPath;
+ private final List<String> commandArguments;
+ private Path hermeticSandboxPath;
+ private Path workingDirectory;
+ private Duration timeout;
+ private Duration killDelay;
+ private Path stdoutPath;
+ private Path stderrPath;
+ private Set<Path> writableFilesAndDirectories = ImmutableSet.of();
+ private ImmutableSet<PathFragment> tmpfsDirectories = ImmutableSet.of();
+ private Map<Path, Path> bindMounts = ImmutableMap.of();
+ private Path statisticsPath;
+ private boolean useFakeHostname = false;
+ private boolean createNetworkNamespace = false;
+ private boolean useFakeRoot = false;
+ private boolean useFakeUsername = false;
+ private boolean enablePseudoterminal = false;
+ private boolean useDebugMode = false;
+ private boolean sigintSendsSigterm = false;
+
+ private LinuxSandboxCommandLineBuilder(Path linuxSandboxPath, List<String> commandArguments) {
+ this.linuxSandboxPath = linuxSandboxPath;
+ this.commandArguments = commandArguments;
+ }
+
+ /** Returns a new command line builder for the {@code linux-sandbox} tool. */
+ public static LinuxSandboxCommandLineBuilder commandLineBuilder(
+ Path linuxSandboxPath, List<String> commandArguments) {
+ return new LinuxSandboxCommandLineBuilder(linuxSandboxPath, commandArguments);
+ }
+
+ /**
+ * Sets the sandbox path to chroot to, required for the hermetic linux sandbox to figure out where
+ * the working directory is.
+ */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setHermeticSandboxPath(Path sandboxPath) {
+ this.hermeticSandboxPath = sandboxPath;
+ return this;
+ }
+
+ /** Sets the working directory to use, if any. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setWorkingDirectory(Path workingDirectory) {
+ this.workingDirectory = workingDirectory;
+ return this;
+ }
+
+ /** Sets the timeout for the command run using the {@code linux-sandbox} tool. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setTimeout(Duration timeout) {
+ this.timeout = timeout;
+ return this;
+ }
+
+ /**
+ * Sets the kill delay for commands run using the {@code linux-sandbox} tool that exceed their
+ * timeout.
+ */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setKillDelay(Duration killDelay) {
+ this.killDelay = killDelay;
+ return this;
+ }
+
+ /** Sets the path to use for redirecting stdout, if any. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setStdoutPath(Path stdoutPath) {
+ this.stdoutPath = stdoutPath;
+ return this;
+ }
+
+ /** Sets the path to use for redirecting stderr, if any. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setStderrPath(Path stderrPath) {
+ this.stderrPath = stderrPath;
+ return this;
+ }
+
+ /** Sets the files or directories to make writable for the sandboxed process, if any. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setWritableFilesAndDirectories(
+ Set<Path> writableFilesAndDirectories) {
+ this.writableFilesAndDirectories = writableFilesAndDirectories;
+ return this;
+ }
+
+ /** Sets the directories where to mount an empty tmpfs, if any. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setTmpfsDirectories(
+ ImmutableSet<PathFragment> tmpfsDirectories) {
+ this.tmpfsDirectories = tmpfsDirectories;
+ return this;
+ }
+
+ /**
+ * Sets the sources and targets of files or directories to explicitly bind-mount in the sandbox,
+ * if any.
+ */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setBindMounts(Map<Path, Path> bindMounts) {
+ this.bindMounts = bindMounts;
+ return this;
+ }
+
+ /** Sets the path for writing execution statistics (e.g. resource usage). */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setStatisticsPath(Path statisticsPath) {
+ this.statisticsPath = statisticsPath;
+ return this;
+ }
+
+ /** Sets whether to use a fake 'localhost' hostname inside the sandbox. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setUseFakeHostname(boolean useFakeHostname) {
+ this.useFakeHostname = useFakeHostname;
+ return this;
+ }
+
+ /** Sets whether to create a new network namespace. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setCreateNetworkNamespace(boolean createNetworkNamespace) {
+ this.createNetworkNamespace = createNetworkNamespace;
+ return this;
+ }
+
+ /** Sets whether to pretend to be 'root' inside the namespace. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setUseFakeRoot(boolean useFakeRoot) {
+ this.useFakeRoot = useFakeRoot;
+ return this;
+ }
+
+ /** Sets whether to use a fake 'nobody' username inside the sandbox. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setUseFakeUsername(boolean useFakeUsername) {
+ this.useFakeUsername = useFakeUsername;
+ return this;
+ }
+
+ /**
+ * Sets whether to set group to 'tty' and make /dev/pts writable inside the sandbox in order to
+ * enable the use of pseudoterminals.
+ */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setEnablePseudoterminal(boolean enablePseudoterminal) {
+ this.enablePseudoterminal = enablePseudoterminal;
+ return this;
+ }
+
+ /** Sets whether to enable debug mode (e.g. to print debugging messages). */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder setUseDebugMode(boolean useDebugMode) {
+ this.useDebugMode = useDebugMode;
+ return this;
+ }
+
+ /** Incorporates settings from a spawn's execution info. */
+ @CanIgnoreReturnValue
+ public LinuxSandboxCommandLineBuilder addExecutionInfo(Map<String, String> executionInfo) {
+ if (executionInfo.containsKey(ExecutionRequirements.GRACEFUL_TERMINATION)) {
+ sigintSendsSigterm = true;
+ }
+ return this;
+ }
+
+ /** Builds the command line to invoke a specific command using the {@code linux-sandbox} tool. */
+ public ImmutableList<String> build() {
+ Preconditions.checkState(
+ !(this.useFakeUsername && this.useFakeRoot),
+ "useFakeUsername and useFakeRoot are exclusive");
+
+ ImmutableList.Builder<String> commandLineBuilder = ImmutableList.builder();
+
+ commandLineBuilder.add(linuxSandboxPath.getPathString());
+ if (workingDirectory != null) {
+ commandLineBuilder.add("-W", workingDirectory.getPathString());
+ }
+ if (timeout != null) {
+ commandLineBuilder.add("-T", Long.toString(timeout.getSeconds()));
+ }
+ if (killDelay != null) {
+ commandLineBuilder.add("-t", Long.toString(killDelay.getSeconds()));
+ }
+ if (stdoutPath != null) {
+ commandLineBuilder.add("-l", stdoutPath.getPathString());
+ }
+ if (stderrPath != null) {
+ commandLineBuilder.add("-L", stderrPath.getPathString());
+ }
+ for (Path writablePath : writableFilesAndDirectories) {
+ commandLineBuilder.add("-w", writablePath.getPathString());
+ }
+ for (PathFragment tmpfsPath : tmpfsDirectories) {
+ commandLineBuilder.add("-e", tmpfsPath.getPathString());
+ }
+ for (Path bindMountTarget : bindMounts.keySet()) {
+ Path bindMountSource = bindMounts.get(bindMountTarget);
+ commandLineBuilder.add("-M", bindMountSource.getPathString());
+ // The file is mounted in a custom location inside the sandbox.
+ if (!bindMountSource.equals(bindMountTarget)) {
+ commandLineBuilder.add("-m", bindMountTarget.getPathString());
+ }
+ }
+ if (statisticsPath != null) {
+ commandLineBuilder.add("-S", statisticsPath.getPathString());
+ }
+ if (hermeticSandboxPath != null) {
+ commandLineBuilder.add("-h", hermeticSandboxPath.getPathString());
+ }
+ if (useFakeHostname) {
+ commandLineBuilder.add("-H");
+ }
+ if (createNetworkNamespace) {
+ commandLineBuilder.add("-N");
+ }
+ if (useFakeRoot) {
+ commandLineBuilder.add("-R");
+ }
+ if (useFakeUsername) {
+ commandLineBuilder.add("-U");
+ }
+ if (enablePseudoterminal) {
+ commandLineBuilder.add("-P");
+ }
+ if (useDebugMode) {
+ commandLineBuilder.add("-D");
+ }
+ if (sigintSendsSigterm) {
+ commandLineBuilder.add("-i");
+ }
+ commandLineBuilder.add("--");
+ commandLineBuilder.addAll(commandArguments);
+
+ return commandLineBuilder.build();
+ }
+}
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxUtil.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxUtil.java
index d10ab53..c5830c7 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxUtil.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxUtil.java
@@ -14,20 +14,9 @@
package com.google.devtools.build.lib.sandbox;
-import com.google.common.base.Preconditions;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
-import com.google.devtools.build.lib.actions.ExecutionRequirements;
import com.google.devtools.build.lib.runtime.CommandEnvironment;
import com.google.devtools.build.lib.util.OsUtils;
import com.google.devtools.build.lib.vfs.Path;
-import com.google.devtools.build.lib.vfs.PathFragment;
-import com.google.errorprone.annotations.CanIgnoreReturnValue;
-import java.time.Duration;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
/** Utility functions for the {@code linux-sandbox} embedded tool. */
public final class LinuxSandboxUtil {
@@ -44,248 +33,4 @@
public static Path getLinuxSandbox(CommandEnvironment cmdEnv) {
return cmdEnv.getBlazeWorkspace().getBinTools().getEmbeddedPath(LINUX_SANDBOX);
}
-
- /** Returns a new command line builder for the {@code linux-sandbox} tool. */
- public static CommandLineBuilder commandLineBuilder(
- Path linuxSandboxPath, List<String> commandArguments) {
- return new CommandLineBuilder(linuxSandboxPath, commandArguments);
- }
-
- /**
- * A builder class for constructing the full command line to run a command using the {@code
- * linux-sandbox} tool.
- */
- public static class CommandLineBuilder {
- private final Path linuxSandboxPath;
- private final List<String> commandArguments;
- private Path hermeticSandboxPath;
- private Path workingDirectory;
- private Duration timeout;
- private Duration killDelay;
- private Path stdoutPath;
- private Path stderrPath;
- private Set<Path> writableFilesAndDirectories = ImmutableSet.of();
- private ImmutableSet<PathFragment> tmpfsDirectories = ImmutableSet.of();
- private Map<Path, Path> bindMounts = ImmutableMap.of();
- private Path statisticsPath;
- private boolean useFakeHostname = false;
- private boolean createNetworkNamespace = false;
- private boolean useFakeRoot = false;
- private boolean useFakeUsername = false;
- private boolean enablePseudoterminal = false;
- private boolean useDebugMode = false;
- private boolean sigintSendsSigterm = false;
-
- private CommandLineBuilder(Path linuxSandboxPath, List<String> commandArguments) {
- this.linuxSandboxPath = linuxSandboxPath;
- this.commandArguments = commandArguments;
- }
-
- /**
- * Sets the sandbox path to chroot to, required for the hermetic linux sandbox to figure out
- * where the working directory is.
- */
- @CanIgnoreReturnValue
- public CommandLineBuilder setHermeticSandboxPath(Path sandboxPath) {
- this.hermeticSandboxPath = sandboxPath;
- return this;
- }
-
- /** Sets the working directory to use, if any. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setWorkingDirectory(Path workingDirectory) {
- this.workingDirectory = workingDirectory;
- return this;
- }
-
- /** Sets the timeout for the command run using the {@code linux-sandbox} tool. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setTimeout(Duration timeout) {
- this.timeout = timeout;
- return this;
- }
-
- /**
- * Sets the kill delay for commands run using the {@code linux-sandbox} tool that exceed their
- * timeout.
- */
- @CanIgnoreReturnValue
- public CommandLineBuilder setKillDelay(Duration killDelay) {
- this.killDelay = killDelay;
- return this;
- }
-
- /** Sets the path to use for redirecting stdout, if any. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setStdoutPath(Path stdoutPath) {
- this.stdoutPath = stdoutPath;
- return this;
- }
-
- /** Sets the path to use for redirecting stderr, if any. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setStderrPath(Path stderrPath) {
- this.stderrPath = stderrPath;
- return this;
- }
-
- /** Sets the files or directories to make writable for the sandboxed process, if any. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setWritableFilesAndDirectories(
- Set<Path> writableFilesAndDirectories) {
- this.writableFilesAndDirectories = writableFilesAndDirectories;
- return this;
- }
-
- /** Sets the directories where to mount an empty tmpfs, if any. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setTmpfsDirectories(ImmutableSet<PathFragment> tmpfsDirectories) {
- this.tmpfsDirectories = tmpfsDirectories;
- return this;
- }
-
- /**
- * Sets the sources and targets of files or directories to explicitly bind-mount in the sandbox,
- * if any.
- */
- @CanIgnoreReturnValue
- public CommandLineBuilder setBindMounts(Map<Path, Path> bindMounts) {
- this.bindMounts = bindMounts;
- return this;
- }
-
- /** Sets the path for writing execution statistics (e.g. resource usage). */
- @CanIgnoreReturnValue
- public CommandLineBuilder setStatisticsPath(Path statisticsPath) {
- this.statisticsPath = statisticsPath;
- return this;
- }
-
- /** Sets whether to use a fake 'localhost' hostname inside the sandbox. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setUseFakeHostname(boolean useFakeHostname) {
- this.useFakeHostname = useFakeHostname;
- return this;
- }
-
- /** Sets whether to create a new network namespace. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setCreateNetworkNamespace(boolean createNetworkNamespace) {
- this.createNetworkNamespace = createNetworkNamespace;
- return this;
- }
-
- /** Sets whether to pretend to be 'root' inside the namespace. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setUseFakeRoot(boolean useFakeRoot) {
- this.useFakeRoot = useFakeRoot;
- return this;
- }
-
- /** Sets whether to use a fake 'nobody' username inside the sandbox. */
- @CanIgnoreReturnValue
- public CommandLineBuilder setUseFakeUsername(boolean useFakeUsername) {
- this.useFakeUsername = useFakeUsername;
- return this;
- }
-
- /**
- * Sets whether to set group to 'tty' and make /dev/pts writable inside the sandbox in order to
- * enable the use of pseudoterminals.
- */
- @CanIgnoreReturnValue
- public CommandLineBuilder setEnablePseudoterminal(boolean enablePseudoterminal) {
- this.enablePseudoterminal = enablePseudoterminal;
- return this;
- }
-
- /** Sets whether to enable debug mode (e.g. to print debugging messages). */
- @CanIgnoreReturnValue
- public CommandLineBuilder setUseDebugMode(boolean useDebugMode) {
- this.useDebugMode = useDebugMode;
- return this;
- }
-
- /** Incorporates settings from a spawn's execution info. */
- @CanIgnoreReturnValue
- public CommandLineBuilder addExecutionInfo(Map<String, String> executionInfo) {
- if (executionInfo.containsKey(ExecutionRequirements.GRACEFUL_TERMINATION)) {
- sigintSendsSigterm = true;
- }
- return this;
- }
-
- /**
- * Builds the command line to invoke a specific command using the {@code linux-sandbox} tool.
- */
- public ImmutableList<String> build() {
- Preconditions.checkState(
- !(this.useFakeUsername && this.useFakeRoot),
- "useFakeUsername and useFakeRoot are exclusive");
-
- ImmutableList.Builder<String> commandLineBuilder = ImmutableList.builder();
-
- commandLineBuilder.add(linuxSandboxPath.getPathString());
- if (workingDirectory != null) {
- commandLineBuilder.add("-W", workingDirectory.getPathString());
- }
- if (timeout != null) {
- commandLineBuilder.add("-T", Long.toString(timeout.getSeconds()));
- }
- if (killDelay != null) {
- commandLineBuilder.add("-t", Long.toString(killDelay.getSeconds()));
- }
- if (stdoutPath != null) {
- commandLineBuilder.add("-l", stdoutPath.getPathString());
- }
- if (stderrPath != null) {
- commandLineBuilder.add("-L", stderrPath.getPathString());
- }
- for (Path writablePath : writableFilesAndDirectories) {
- commandLineBuilder.add("-w", writablePath.getPathString());
- }
- for (PathFragment tmpfsPath : tmpfsDirectories) {
- commandLineBuilder.add("-e", tmpfsPath.getPathString());
- }
- for (Path bindMountTarget : bindMounts.keySet()) {
- Path bindMountSource = bindMounts.get(bindMountTarget);
- commandLineBuilder.add("-M", bindMountSource.getPathString());
- // The file is mounted in a custom location inside the sandbox.
- if (!bindMountSource.equals(bindMountTarget)) {
- commandLineBuilder.add("-m", bindMountTarget.getPathString());
- }
- }
- if (statisticsPath != null) {
- commandLineBuilder.add("-S", statisticsPath.getPathString());
- }
- if (hermeticSandboxPath != null) {
- commandLineBuilder.add("-h", hermeticSandboxPath.getPathString());
- }
- if (useFakeHostname) {
- commandLineBuilder.add("-H");
- }
- if (createNetworkNamespace) {
- commandLineBuilder.add("-N");
- }
- if (useFakeRoot) {
- commandLineBuilder.add("-R");
- }
- if (useFakeUsername) {
- commandLineBuilder.add("-U");
- }
- if (enablePseudoterminal) {
- commandLineBuilder.add("-P");
- }
- if (useDebugMode) {
- commandLineBuilder.add("-D");
- }
- if (sigintSendsSigterm) {
- commandLineBuilder.add("-i");
- }
- commandLineBuilder.add("--");
- commandLineBuilder.addAll(commandArguments);
-
- return commandLineBuilder.build();
- }
- }
}
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java
index 1fe431d..1da4ee5 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java
@@ -93,7 +93,8 @@
private static boolean computeIsSupported(CommandEnvironment cmdEnv, Path linuxSandbox)
throws InterruptedException {
ImmutableList<String> linuxSandboxArgv =
- LinuxSandboxUtil.commandLineBuilder(linuxSandbox, ImmutableList.of("/bin/true"))
+ LinuxSandboxCommandLineBuilder.commandLineBuilder(
+ linuxSandbox, ImmutableList.of("/bin/true"))
.setTimeout(Duration.ofSeconds(1))
.build();
ImmutableMap<String, String> env = ImmutableMap.of();
@@ -222,8 +223,8 @@
Duration timeout = context.getTimeout();
- LinuxSandboxUtil.CommandLineBuilder commandLineBuilder =
- LinuxSandboxUtil.commandLineBuilder(linuxSandbox, spawn.getArguments())
+ LinuxSandboxCommandLineBuilder commandLineBuilder =
+ LinuxSandboxCommandLineBuilder.commandLineBuilder(linuxSandbox, spawn.getArguments())
.addExecutionInfo(spawn.getExecutionInfo())
.setWritableFilesAndDirectories(writableDirs)
.setTmpfsDirectories(ImmutableSet.copyOf(getSandboxOptions().sandboxTmpfsPath))