sandbox: Push creation of needed empty directories (like /tmp, TEST_TMPDIR) into the namespace-sandbox, instead of doing it in Java. This fixes an issue where the namespace-sandbox would check-fail on an mkdir() of a directory that was already created in the LinuxSandboxedStrategy.

--
MOS_MIGRATED_REVID=104851563

2 files changed, 32 insertions, 10 deletions

diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
index a7657ad6af..563a19f7f7 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
@@ -17,6 +17,7 @@ import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Predicates;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.io.Files;
 import com.google.devtools.build.lib.Constants;
 import com.google.devtools.build.lib.actions.ActionExecutionContext;
@@ -118,16 +119,24 @@ public class LinuxSandboxedStrategy implements SpawnActionContext {
     try {
       // Gather all necessary mounts for the sandbox.
       mounts = getMounts(spawn, actionExecutionContext);
-      createTestTmpDir(spawn, sandboxPath);
     } catch (IllegalArgumentException | IOException e) {
       throw new UserExecException("Could not prepare mounts for sandbox execution", e);
     }
 
+    ImmutableSet<Path> createDirs;
+    try {
+      createDirs = createImportantDirs(spawn.getEnvironment());
+    } catch (IOException e) {
+      throw new UserExecException(
+          "Could not prepare the set of important directories to create in the sandbox", e);
+    }
+
     int timeout = getTimeout(spawn);
 
     try {
       final NamespaceSandboxRunner runner =
-          new NamespaceSandboxRunner(execRoot, sandboxPath, mounts, verboseFailures, sandboxDebug);
+          new NamespaceSandboxRunner(
+              execRoot, sandboxPath, mounts, createDirs, verboseFailures, sandboxDebug);
       try {
         runner.run(
             spawn.getArguments(),
@@ -179,16 +188,19 @@ public class LinuxSandboxedStrategy implements SpawnActionContext {
   }
 
   /**
-   * Tests are a special case and we have to mount the TEST_SRCDIR where the test expects it to be
-   * and also provide a TEST_TMPDIR to the test where it can store temporary files.
+   * Most programs expect certain directories to be present, e.g. /tmp. Make sure they are.
+   *
+   * <p>Note that $HOME is handled by namespace-sandbox.c, because it changes user to nobody and the
+   * home directory of that user is not known by us.
    */
-  private void createTestTmpDir(Spawn spawn, Path sandboxPath) throws IOException {
-    if (spawn.getEnvironment().containsKey("TEST_TMPDIR")) {
-      FileSystem fs = blazeDirs.getFileSystem();
-      Path source = fs.getPath(spawn.getEnvironment().get("TEST_TMPDIR"));
-      Path target = sandboxPath.getRelative(source.asFragment().relativeTo("/"));
-      FileSystemUtils.createDirectoryAndParents(target);
+  private ImmutableSet<Path> createImportantDirs(Map<String, String> env) throws IOException {
+    ImmutableSet.Builder<Path> dirs = ImmutableSet.builder();
+    FileSystem fs = blazeDirs.getFileSystem();
+    if (env.containsKey("TEST_TMPDIR")) {
+      dirs.add(fs.getPath(env.get("TEST_TMPDIR")));
     }
+    dirs.add(fs.getPath("/tmp"));
+    return dirs.build();
   }
 
   private ImmutableMap<Path, Path> getMounts(
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/NamespaceSandboxRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/NamespaceSandboxRunner.java
index 6b3df924f1..88c49d6e38 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/NamespaceSandboxRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/NamespaceSandboxRunner.java
@@ -15,6 +15,7 @@
 package com.google.devtools.build.lib.sandbox;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.io.ByteStreams;
 import com.google.common.io.Files;
 import com.google.devtools.build.lib.actions.ActionInput;
@@ -50,6 +51,7 @@ public class NamespaceSandboxRunner {
   private final Path sandboxPath;
   private final Path sandboxExecRoot;
   private final ImmutableMap<Path, Path> mounts;
+  private final ImmutableSet<Path> createDirs;
   private final boolean verboseFailures;
   private final boolean sandboxDebug;
 
@@ -57,12 +59,14 @@ public class NamespaceSandboxRunner {
       Path execRoot,
       Path sandboxPath,
       ImmutableMap<Path, Path> mounts,
+      ImmutableSet<Path> createDirs,
       boolean verboseFailures,
       boolean sandboxDebug) {
     this.execRoot = execRoot;
     this.sandboxPath = sandboxPath;
     this.sandboxExecRoot = sandboxPath.getRelative(execRoot.asFragment().relativeTo("/"));
     this.mounts = mounts;
+    this.createDirs = createDirs;
     this.verboseFailures = verboseFailures;
     this.sandboxDebug = sandboxDebug;
   }
@@ -134,6 +138,12 @@ public class NamespaceSandboxRunner {
       args.add(Integer.toString(timeout));
     }
 
+    // Create all needed directories.
+    for (Path createDir : createDirs) {
+      args.add("-d");
+      args.add(createDir.getPathString());
+    }
+
     // Mount all the inputs.
     for (ImmutableMap.Entry<Path, Path> mount : mounts.entrySet()) {
       args.add("-M");