Fix #2018: Can't access localhost in bazel 0.3.2.

The behavior of the Linux sandbox was changed to not hide the local hostname by default. It is now only hidden when the --sandbox_fake_hostname flag is specified. Also, instead of using the hostname "sandbox" in this case, it now uses "localhost", which fixes the issue of sandboxed processes not being able to resolve their local hostname. RELNOTES: For increased compatibility with environments where UTS namespaces are not available, the Linux sandbox no longer hides the hostname of the local machine by default. Use --sandbox_fake_hostname to re-enable this feature. -- PiperOrigin-RevId: 146244268 MOS_MIGRATED_REVID=146244268
author: Philipp Wollermann <philwo@google.com> 2017-02-01 16:05:02 +0000
committer: Yun Peng <pcloudy@google.com> 2017-02-01 16:36:33 +0000
commit: 28d9bd3d17e9532e97ce72dc9001d94b7e64368c (patch)
tree: 326eb368f9769e4082011c60321f1ade09b5784b /src/main/java
parent: eaa5281942eaeda294b7e36ab012f592c1f637c2 (diff)
6 files changed, 49 insertions, 15 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java
index 06f9244ddd..6c42370634 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxRunner.java
@@ -107,7 +107,11 @@ final class DarwinSandboxRunner extends SandboxRunner {
 
   @Override
   protected Command getCommand(
-      List<String> arguments, Map<String, String> environment, int timeout, boolean allowNetwork)
+      List<String> arguments,
+      Map<String, String> environment,
+      int timeout,
+      boolean allowNetwork,
+      boolean useFakeHostname)
       throws IOException {
     writeConfig(allowNetwork);
 
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxRunner.java
index e49fabfc50..2144c44e9a 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxRunner.java
@@ -107,9 +107,13 @@ final class LinuxSandboxRunner extends SandboxRunner {
 
   @Override
   protected Command getCommand(
-      List<String> spawnArguments, Map<String, String> env, int timeout, boolean allowNetwork)
+      List<String> spawnArguments,
+      Map<String, String> env,
+      int timeout,
+      boolean allowNetwork,
+      boolean useFakeHostname)
       throws IOException {
-    writeConfig(timeout, allowNetwork);
+    writeConfig(timeout, allowNetwork, useFakeHostname);
 
     List<String> commandLineArgs = new ArrayList<>(3 + spawnArguments.size());
     commandLineArgs.add(execRoot.getRelative("_bin/linux-sandbox").getPathString());
@@ -119,7 +123,8 @@ final class LinuxSandboxRunner extends SandboxRunner {
     return new Command(commandLineArgs.toArray(new String[0]), env, sandboxExecRoot.getPathFile());
   }
 
-  private void writeConfig(int timeout, boolean allowNetwork) throws IOException {
+  private void writeConfig(int timeout, boolean allowNetwork, boolean useFakeHostname)
+      throws IOException {
     List<String> fileArgs = new ArrayList<>();
 
     if (sandboxDebug) {
@@ -172,6 +177,11 @@ final class LinuxSandboxRunner extends SandboxRunner {
       fileArgs.add("-N");
     }
 
+    if (useFakeHostname) {
+      // Use a fake hostname ("localhost") inside the sandbox when blocking network access.
+      fileArgs.add("-H");
+    }
+
     FileSystemUtils.writeLinesAs(argumentsFilePath, StandardCharsets.ISO_8859_1, fileArgs);
   }
 }
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/ProcessWrapperRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/ProcessWrapperRunner.java
index 723e930759..b4102a7e22 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/ProcessWrapperRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/ProcessWrapperRunner.java
@@ -54,7 +54,11 @@ final class ProcessWrapperRunner extends SandboxRunner {
 
   @Override
   protected Command getCommand(
-      List<String> spawnArguments, Map<String, String> env, int timeout, boolean allowNetwork) {
+      List<String> spawnArguments,
+      Map<String, String> env,
+      int timeout,
+      boolean allowNetwork,
+      boolean useFakeHostname) {
     List<String> commandLineArgs = new ArrayList<>(5 + spawnArguments.size());
     commandLineArgs.add(execRoot.getRelative("_bin/process-wrapper").getPathString());
     commandLineArgs.add(Integer.toString(timeout));
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java
index b8ceb8094c..0618c85b07 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java
@@ -86,6 +86,14 @@ public class SandboxOptions extends OptionsBase {
   public boolean sandboxDebug;
 
   @Option(
+    name = "sandbox_fake_hostname",
+    defaultValue = "false",
+    category = "strategy",
+    help = "Change the current hostname to 'localhost' for sandboxed actions."
+  )
+  public boolean sandboxFakeHostname;
+
+  @Option(
     name = "sandbox_block_path",
     allowMultiple = true,
     defaultValue = "",
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxRunner.java
index e3643332d5..49d661d743 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxRunner.java
@@ -45,10 +45,11 @@ abstract class SandboxRunner {
    *
    * @param arguments - arguments of spawn to run inside the sandbox.
    * @param environment - environment variables to pass to the spawn.
-   * @param outErr - error output to capture sandbox's and command's stderr
-   * @param timeout - after how many seconds should the process be killed
-   * @param allowNetwork - whether networking should be allowed for the process
-   * @param sandboxDebug - whether debugging message should be printed
+   * @param outErr - error output to capture sandbox's and command's stderr.
+   * @param timeout - after how many seconds should the process be killed.
+   * @param allowNetwork - whether networking should be allowed for the process.
+   * @param sandboxDebug - whether debugging message should be printed.
+   * @param useFakeHostname - whether the hostname should be set to 'localhost' inside the sandbox.
    */
   void run(
       List<String> arguments,
@@ -56,11 +57,12 @@ abstract class SandboxRunner {
       OutErr outErr,
       int timeout,
       boolean allowNetwork,
-      boolean sandboxDebug)
+      boolean sandboxDebug,
+      boolean useFakeHostname)
       throws ExecException {
     Command cmd;
     try {
-      cmd = getCommand(arguments, environment, timeout, allowNetwork);
+      cmd = getCommand(arguments, environment, timeout, allowNetwork, useFakeHostname);
     } catch (IOException e) {
       throw new UserExecException("I/O error during sandboxed execution", e);
     }
@@ -106,11 +108,16 @@ abstract class SandboxRunner {
    *
    * @param arguments - arguments of spawn to run inside the sandbox.
    * @param environment - environment variables to pass to the spawn.
-   * @param timeout - after how many seconds should the process be killed
-   * @param allowNetwork - whether networking should be allowed for the process
+   * @param timeout - after how many seconds should the process be killed.
+   * @param allowNetwork - whether networking should be allowed for the process.
+   * @param useFakeHostname - whether the hostname should be set to 'localhost' inside the sandbox.
    */
   protected abstract Command getCommand(
-      List<String> arguments, Map<String, String> environment, int timeout, boolean allowNetwork)
+      List<String> arguments,
+      Map<String, String> environment,
+      int timeout,
+      boolean allowNetwork,
+      boolean useFakeHostname)
       throws IOException;
 
   /**
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxStrategy.java b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxStrategy.java
index 18df3d0387..ce917f3b78 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxStrategy.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxStrategy.java
@@ -78,7 +78,8 @@ abstract class SandboxStrategy implements SandboxedSpawnActionContext {
           outErr,
           Spawns.getTimeoutSeconds(spawn),
           SandboxHelpers.shouldAllowNetwork(buildRequest, spawn),
-          sandboxOptions.sandboxDebug);
+          sandboxOptions.sandboxDebug,
+          sandboxOptions.sandboxFakeHostname);
     } catch (ExecException e) {
       execException = e;
     }
author	Philipp Wollermann <philwo@google.com>	2017-02-01 16:05:02 +0000
committer	Yun Peng <pcloudy@google.com>	2017-02-01 16:36:33 +0000
commit	28d9bd3d17e9532e97ce72dc9001d94b7e64368c (patch)
tree	326eb368f9769e4082011c60321f1ade09b5784b /src/main/java
parent	eaa5281942eaeda294b7e36ab012f592c1f637c2 (diff)