Skip to content

Commit

Permalink
Reorder permission settings calls for inaccessibleHelper*.
Browse files Browse the repository at this point in the history 
Fixes #16364.

PiperOrigin-RevId: 483678185
Change-Id: I2336e6c86afa424146cb7088274ec3a51ff669d8
  • Loading branch information
@larsrc-google @copybara-github
larsrc-google authored and copybara-github committed Oct 25, 2022
1 parent e85efe8 commit 69ddc0a
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,17 +55,19 @@ static LinuxSandboxedSpawnRunner create(
boolean sandboxfsMapSymlinkTargets,
TreeDeleter treeDeleter)
throws IOException {
// The order of the permissions settings calls matters, see
// https://github.com/bazelbuild/bazel/issues/16364
Path inaccessibleHelperFile = sandboxBase.getRelative("inaccessibleHelperFile");
FileSystemUtils.touchFile(inaccessibleHelperFile);
inaccessibleHelperFile.setReadable(false);
inaccessibleHelperFile.setWritable(false);
inaccessibleHelperFile.setExecutable(false);
inaccessibleHelperFile.setWritable(false);
inaccessibleHelperFile.setReadable(false);

Path inaccessibleHelperDir = sandboxBase.getRelative("inaccessibleHelperDir");
inaccessibleHelperDir.createDirectory();
inaccessibleHelperDir.setReadable(false);
inaccessibleHelperDir.setWritable(false);
inaccessibleHelperDir.setExecutable(false);
inaccessibleHelperDir.setWritable(false);
inaccessibleHelperDir.setReadable(false);

return new LinuxSandboxedSpawnRunner(
helpers,
Expand Down

0 comments on commit 69ddc0a

Please sign in to comment.