diff options
| author |  Philipp Wollermann <philwo@google.com> | 2017-03-24 09:47:11 +0000 |
|---|---|---|
| committer |  Yue Gan <yueg@google.com> | 2017-03-24 12:20:06 +0000 |
| commit | 3e2329a73ffd5d60e5e2babe60ebe5bf322c07da (patch) | |
| tree | b1a66c81c4e59eedc84fb28bc8a02ec68fe3ed73 /src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java | |
| parent | 2879971666e0cc3f1f24ae91b88c4400af77e7f3 (diff) | |
sandbox: Remove the flag --sandbox_block_path.
It is in the way of optimizing the performance of the sandbox, because
it requires us to create two helper files (an unreadable file and an
unreadable directory) which are bind-mounted on top of paths specified
via this flag. These two helper files were created on a tmpfs mounted by
the sandbox until now, which ensured that they were automatically
deleted on exit. However, mounting tmpfs on /dev/shm or /tmp causes
issues like #2686 or #1882.
By removing this flag, we can get rid of the two helper files, which
means we can also remove the reliance on a "sandbox temp directory"
completely in the next change.
--
PiperOrigin-RevId: 151107496
MOS_MIGRATED_REVID=151107496
Diffstat (limited to 'src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java')
| -rw-r--r-- | src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java index 6c42370634..a297ebe4f9 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java @@ -44,21 +44,18 @@ final class DarwinSandboxRunner extends SandboxRunner { private final Path sandboxExecRoot; private final Path argumentsFilePath; private final Set<Path> writableDirs; - private final Set<Path> inaccessiblePaths; private final Path runUnderPath; DarwinSandboxRunner( Path sandboxPath, Path sandboxExecRoot, Set<Path> writableDirs, - Set<Path> inaccessiblePaths, Path runUnderPath, boolean verboseFailures) { super(verboseFailures); this.sandboxExecRoot = sandboxExecRoot; this.argumentsFilePath = sandboxPath.getRelative("sandbox.sb"); this.writableDirs = writableDirs; - this.inaccessiblePaths = inaccessiblePaths; this.runUnderPath = runUnderPath; } @@ -141,9 +138,6 @@ final class DarwinSandboxRunner extends SandboxRunner { out.println("(allow network* (local ip \"localhost:*\"))"); out.println("(allow network* (remote ip \"localhost:*\"))"); - for (Path inaccessiblePath : inaccessiblePaths) { - out.println("(deny file-read* (subpath \"" + inaccessiblePath + "\"))"); - } if (runUnderPath != null) { out.println("(allow file-read* (subpath \"" + runUnderPath + "\"))"); } |