)]}'
{
  "commit": "d4390f81b306f3ae0b2f85c722965142e14dd356",
  "tree": "216b1888fe0fd97488658746b23c4b1b040a905f",
  "parents": [
    "bb725018b85e18c75ccf8db574cc799cc7569d2a"
  ],
  "author": {
    "name": "Pras Velagapudi",
    "email": "psigen@gmail.com",
    "time": "Thu Jun 17 08:46:25 2021 -0700"
  },
  "committer": {
    "name": "Copybara-Service",
    "email": "copybara-worker@google.com",
    "time": "Thu Jun 17 08:47:47 2021 -0700"
  },
  "message": "Add --no-log-init flag to docker sandbox.\n\nThis adds the `--no-log-init` flag (`-l`) to the internal `useradd` command used to initial the docker sandbox environment.\n\nWithout this flag, AD/LDAP/SSSD users that have large UID/GID values will be added to `lastlog`/`faillog`, but since docker does not support sparse files, this will cause the docker daemon to attempt to create a `/var/lib/docker/overlay2` entry that may consume all available disk space.\n\nhttps://github.com/moby/moby/issues/5419#issuecomment-332785867\n\nFor one example, my SSSD-assigned uid is `1553201121`, which makes the _sparse_ size of my `lastlog` file 423GB.  If this uid is used by bazel\u0027s docker-sandbox, the resulting container attempts to create the full 423GB file, which I confirmed the hard way.\n\nCloses #13506.\n\nPiperOrigin-RevId: 379966973\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "2fda26a5a33860f48b6fd9ab5b5831c857896084",
      "old_mode": 33188,
      "old_path": "src/main/java/com/google/devtools/build/lib/sandbox/DockerSandboxedSpawnRunner.java",
      "new_id": "f56eafd8cf9573a90356a79d71f9e644eb11e73a",
      "new_mode": 33188,
      "new_path": "src/main/java/com/google/devtools/build/lib/sandbox/DockerSandboxedSpawnRunner.java"
    }
  ]
}