diff options
| author |  Laszlo Csomor <laszlocsomor@google.com> | 2018-01-05 08:34:44 -0800 |
|---|---|---|
| committer |  Copybara-Service <copybara-piper@google.com> | 2018-01-05 08:36:24 -0800 |
| commit | 39a23a0e3d63c538b8aa9f6f94a3a3916998e973 (patch) | |
| tree | 6fab378a4aadc0ffd07903b2a06b8737992a110e /src/main/java/com/google/devtools/build/lib/sandbox | |
| parent | 91695a31a8414f87a21ad2f32c4a122f5823bdfa (diff) | |
sandbox: error out if $TEST_TMPDIR doesn't exist
As part of setting up a sandbox, Bazel creates the
list of writable paths. If the action's
environment defines $TEST_TMPDIR, then it's a test
action and the sandbox must allow writing to that
path, therefore Bazel must add $TEST_TMPDIR to the
writable paths.
Bazel must resolve symlinks in that path though,
at least on the last path segment, because in case
the path points to a symlink, the action would be
allowed to modify the symlink itself, and not
access what the link points to.
However the path must exist for Bazel to
successfully resolve symlinks, therefore this
commit adds a check for that.
Given that the code was there since at least July
2017, and I'm not aware of bugs caused by it, I
conclude that this code path either never runs or
nobody ever triggered it. Either way, adding the
check is the right thing to do.
Change-Id: I87a5d3fc3fe7878a918ed318c71e8d135f10f1b8
PiperOrigin-RevId: 180931382
Diffstat (limited to 'src/main/java/com/google/devtools/build/lib/sandbox')
| -rw-r--r-- | src/main/java/com/google/devtools/build/lib/sandbox/AbstractSandboxSpawnRunner.java | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/AbstractSandboxSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/AbstractSandboxSpawnRunner.java index c9329c2ce5..90bbbcbb3e 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/AbstractSandboxSpawnRunner.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/AbstractSandboxSpawnRunner.java @@ -230,6 +230,8 @@ abstract class AbstractSandboxSpawnRunner implements SpawnRunner { */ protected ImmutableSet<Path> getWritableDirs( Path sandboxExecRoot, Map<String, String> env, Path tmpDir) throws IOException { + FileSystem fileSystem = sandboxExecRoot.getFileSystem(); + // We have to make the TEST_TMPDIR directory writable if it is specified. ImmutableSet.Builder<Path> writablePaths = ImmutableSet.builder(); writablePaths.add(sandboxExecRoot); @@ -237,7 +239,18 @@ abstract class AbstractSandboxSpawnRunner implements SpawnRunner { if (tmpDirString != null) { PathFragment testTmpDir = PathFragment.create(tmpDirString); if (testTmpDir.isAbsolute()) { - writablePaths.add(sandboxExecRoot.getRelative(testTmpDir).resolveSymbolicLinks()); + Path p = fileSystem.getPath(testTmpDir); + if (!p.exists()) { + // If `testTmpDir` itself is a symlink, then adding it to `writablePaths` would result in + // making the symlink itself writable, not what it points to. Therefore we need to resolve + // symlinks in `testTmpDir`, however for that we need `testTmpDir` to exist. + throw new IOException( + String.format( + "Cannot resolve symlinks in TEST_TMPDIR, because it is a non-existent, " + + "absolute path: \"%s\"", + p.getPathString())); + } + writablePaths.add(p.resolveSymbolicLinks()); } else { // We add this even though it is below sandboxExecRoot (and thus already writable as a // subpath) to take advantage of the side-effect that SymlinkedExecRoot also creates this @@ -248,7 +261,6 @@ abstract class AbstractSandboxSpawnRunner implements SpawnRunner { writablePaths.add(tmpDir); - FileSystem fileSystem = sandboxExecRoot.getFileSystem(); for (String writablePath : sandboxOptions.sandboxWritablePath) { Path path = fileSystem.getPath(writablePath); writablePaths.add(path); |