diff options
author | 2016-09-01 11:59:08 +0000 | |
---|---|---|
committer | 2016-09-01 14:49:39 +0000 | |
commit | be128a56882fba6d2e44517d77a10df1b97073ff (patch) | |
tree | e6b73fc9a9aab3c9aa4dd32ca912bf61a065bffe /src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java | |
parent | 0d5ecf708f5e4c88b370bbab2ccc313fafe74348 (diff) |
fix run_under command
--
Change-Id: I765eaa6f0ecb31508eaf41f88be989f8e1169c51
Reviewed-on: https://bazel-review.googlesource.com/#/c/5711
MOS_MIGRATED_REVID=131934871
Diffstat (limited to 'src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java')
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java index e3da6ab6a2..3f559babff 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java @@ -40,18 +40,21 @@ final class DarwinSandboxRunner extends SandboxRunner { private final Path argumentsFilePath; private final Set<Path> writableDirs; private final Set<Path> inaccessiblePaths; + private final Path runUnderPath; DarwinSandboxRunner( Path sandboxPath, Path sandboxExecRoot, Set<Path> writableDirs, Set<Path> inaccessiblePaths, + Path runUnderPath, boolean verboseFailures) { super(sandboxPath, sandboxExecRoot, verboseFailures); this.sandboxExecRoot = sandboxExecRoot; this.argumentsFilePath = sandboxPath.getRelative("sandbox.sb"); this.writableDirs = writableDirs; this.inaccessiblePaths = inaccessiblePaths; + this.runUnderPath = runUnderPath; } static boolean isSupported() { @@ -113,6 +116,9 @@ final class DarwinSandboxRunner extends SandboxRunner { for (Path inaccessiblePath : inaccessiblePaths) { out.println("(deny file-read* (subpath \"" + inaccessiblePath + "\"))"); } + if (runUnderPath != null) { + out.println("(allow file-read* (subpath \"" + runUnderPath + "\"))"); + } // Almost everything else is read-only. out.println("(deny file-write* (subpath \"/\"))"); |