commit | e9f0ab3ca20a213f531f8ce5406e2f84bb8c732d | [log] [tgz] |
---|---|---|
author | Googler <larsrc@google.com> | Mon Jan 09 09:41:14 2023 -0800 |
committer | Copybara-Service <copybara-worker@google.com> | Mon Jan 09 09:42:26 2023 -0800 |
tree | 73f2043d4c0ea0ac4e903c720aa6931760594418 | |
parent | 17b8e448a5e5589f96c2794cb38c86b0c64e86c0 [diff] [blame] |
Cgroups v1 support in hardened sandbox. I am collecting things I have learned about cgroups in this document: https://docs.google.com/document/d/1AN1swoscqt7EC7cKcyFONWV0LVhC4vAiihRjlyvKJpw/edit?usp=sharing. PiperOrigin-RevId: 500736287 Change-Id: I2fe222366e9c1c516427af188b7ec27651166f32
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java index d2233a9..f84c051 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxCommandLineBuilder.java
@@ -23,6 +23,7 @@ import com.google.devtools.build.lib.vfs.PathFragment; import com.google.errorprone.annotations.CanIgnoreReturnValue; import java.time.Duration; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; @@ -141,6 +142,15 @@ return this; } + @CanIgnoreReturnValue + public LinuxSandboxCommandLineBuilder addWritablePath(Path writablePath) { + if (this.writableFilesAndDirectories == null) { + this.writableFilesAndDirectories = new HashSet<>(); + } + this.writableFilesAndDirectories.add(writablePath); + return this; + } + /** Sets the directories where to mount an empty tmpfs, if any. */ @CanIgnoreReturnValue public LinuxSandboxCommandLineBuilder setTmpfsDirectories(