Add support for sandboxfs-based sandboxing to Linux.
This is essentially the same as https://github.com/bazelbuild/bazel/commit/3a7b8bc2abeaf8b8647c037bed1dd5fd73b8392b.
RELNOTES: none.
PiperOrigin-RevId: 192342039
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
index bbebefa..7aac514 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
@@ -23,6 +23,7 @@
import com.google.devtools.build.lib.vfs.Path;
import java.io.IOException;
import java.time.Duration;
+import javax.annotation.Nullable;
/** Strategy that uses sandboxing to execute a process. */
// TODO(ulfjack): This class only exists for this annotation. Find a better way to handle this!
@@ -46,9 +47,12 @@
* @param cmdEnv the command environment to use
* @param sandboxBase path to the sandbox base directory
* @param timeoutKillDelay additional grace period before killing timing out commands
+ * @param sandboxfsProcess instance of the sandboxfs process to use; may be null for none, in
+ * which case the runner uses a symlinked sandbox
*/
static LinuxSandboxedSpawnRunner create(
- CommandEnvironment cmdEnv, Path sandboxBase, Duration timeoutKillDelay) throws IOException {
+ CommandEnvironment cmdEnv, Path sandboxBase, Duration timeoutKillDelay,
+ @Nullable SandboxfsProcess sandboxfsProcess) throws IOException {
Path inaccessibleHelperFile = sandboxBase.getRelative("inaccessibleHelperFile");
FileSystemUtils.touchFile(inaccessibleHelperFile);
inaccessibleHelperFile.setReadable(false);
@@ -66,6 +70,7 @@
sandboxBase,
inaccessibleHelperFile,
inaccessibleHelperDir,
- timeoutKillDelay);
+ timeoutKillDelay,
+ sandboxfsProcess);
}
}
