Mount user-specified bind mounts before Bazel's own magic.

lberki · copybara-github · commit 3748084889d8 · 2023-12-19T08:44:23.000-08:00
This makes it possible to mount directories under /tmp somewhere else. Before, /tmp was overridden by the implementation of hermetic /tmp. Fixes #20527. RELNOTES: None. PiperOrigin-RevId: 592247867 Change-Id: Ib5b75cd21ffe4fa4c8ee3f75d82894da6dd61f54
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java
@@ -423,6 +423,7 @@ private ImmutableList<BindMount> getBindMounts(
 
     LinuxSandboxUtil.validateBindMounts(bindMounts);
     ImmutableList.Builder<BindMount> result = ImmutableList.builder();
+    bindMounts.forEach((k, v) -> result.add(BindMount.of(k, v)));
 
     if (sandboxTmp != null) {
       // First mount the real exec root and the empty directory created as the working dir of the
@@ -445,7 +446,6 @@ private ImmutableList<BindMount> getBindMounts(
       result.add(BindMount.of(tmpPath, sandboxTmp));
     }
 
-    bindMounts.forEach((k, v) -> result.add(BindMount.of(k, v)));
     return result.build();
   }
 
diff --git a/src/test/shell/bazel/bazel_sandboxing_test.sh b/src/test/shell/bazel/bazel_sandboxing_test.sh
@@ -306,6 +306,34 @@ EOF
   bazel build //pkg:a &>$TEST_log || fail "expected build to succeed"
 }
 
+function test_add_mount_pair_tmp_source() {
+  if [[ "$PLATFORM" == "darwin" ]]; then
+    # Tests Linux-specific functionality
+    return 0
+  fi
+
+  create_workspace_with_default_repos WORKSPACE
+
+  sed -i.bak '/sandbox_tmpfs_path/d' $TEST_TMPDIR/bazelrc
+
+  mkdir -p pkg
+  cat > pkg/BUILD <<'EOF'
+genrule(
+    name = "gen",
+    outs = ["gen.txt"],
+    cmd = "cp /etc/data.txt $@",
+)
+EOF
+
+  local mounted=$(mktemp -d "/tmp/bazel_mounted.XXXXXXXX")
+  trap "rm -fr $mounted" EXIT
+  echo GOOD > "$mounted/data.txt"
+
+  # This assumes the existence of /etc on the host system
+  bazel build --sandbox_add_mount_pair="$mounted:/etc" //pkg:gen || fail "build failed"
+  assert_contains GOOD bazel-bin/pkg/gen.txt
+}
+
 # The test shouldn't fail if the environment doesn't support running it.
 check_sandbox_allowed || exit 0
 

Original file line number	Diff line number	Diff line change
`@@ -423,6 +423,7 @@ private ImmutableList<BindMount> getBindMounts(`
`423`	`423`
`424`	`424`	`LinuxSandboxUtil.validateBindMounts(bindMounts);`
`425`	`425`	`ImmutableList.Builder<BindMount> result = ImmutableList.builder();`
	`426`	`+ bindMounts.forEach((k, v) -> result.add(BindMount.of(k, v)));`
`426`	`427`
`427`	`428`	`if (sandboxTmp != null) {`
`428`	`429`	`// First mount the real exec root and the empty directory created as the working dir of the`
`@@ -445,7 +446,6 @@ private ImmutableList<BindMount> getBindMounts(`
`445`	`446`	`result.add(BindMount.of(tmpPath, sandboxTmp));`
`446`	`447`	`}`
`447`	`448`
`448`		`- bindMounts.forEach((k, v) -> result.add(BindMount.of(k, v)));`
`449`	`449`	`return result.build();`
`450`	`450`	`}`
`451`	`451`