Fix linux-sandbox failure when there is a mount points under /tmp

Skip remounting such mount points because they are not actually
visible in the sandbox after mounting new tmpfs.

Fixes https://github.com/bazelbuild/bazel/issues/1959

--
Change-Id: Ia1361559966ffb05ea1ddbeaee1ed7d3ebdb9e15
Reviewed-on: https://bazel-review.googlesource.com/#/c/6970/
MOS_MIGRATED_REVID=137397312

1 files changed, 15 insertions, 0 deletions

diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 6bd1db11cb..5f0482e942 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -321,6 +321,15 @@ static bool ShouldBeWritable(char *mnt_dir) {
   return false;
 }
 
+static bool IsUnderTmpDir(const char *mnt_dir) {
+  for (const char *tmpfs_dir : opt.tmpfs_dirs) {
+    if (strstr(mnt_dir, tmpfs_dir) == mnt_dir) {
+      return true;
+    }
+  }
+  return false;
+}
+
 // Makes the whole filesystem read-only, except for the paths for which
 // ShouldBeWritable returns true.
 static void MakeFilesystemMostlyReadOnly() {
@@ -335,6 +344,12 @@ static void MakeFilesystemMostlyReadOnly() {
     if (strstr(ent->mnt_dir, opt.sandbox_root_dir) != ent->mnt_dir) {
       continue;
     }
+    // Skip mounts that are under tmpfs directories because we've already
+    // replaced such directories with new tmpfs instances.
+    // mount() would fail with ENOENT if we tried to remount such mount points.
+    if (IsUnderTmpDir(ent->mnt_dir + strlen(opt.sandbox_root_dir))) {
+      continue;
+    }
 
     int mountFlags = MS_BIND | MS_REMOUNT;