Description of the problem / feature request:
The permissions on the directory created by the sandbox_base option are world readable by default. When this is set to /dev/shm on a shared user system this exposes the build files to all users during the build.
Feature requests: what underlying problem are you trying to solve with this feature?
Remove world readable permissions from the directory created by sandbox_base
Bugs: what's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.
bazel build //... --sandbox_base=/dev/shm
Observe permissions on sandbox directory in /dev/shm are world readable
What operating system are you running Bazel on?
centos 7
Description of the problem / feature request:
The permissions on the directory created by the sandbox_base option are world readable by default. When this is set to /dev/shm on a shared user system this exposes the build files to all users during the build.
Feature requests: what underlying problem are you trying to solve with this feature?
Remove world readable permissions from the directory created by sandbox_base
Bugs: what's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.
bazel build //... --sandbox_base=/dev/shm
Observe permissions on sandbox directory in /dev/shm are world readable
What operating system are you running Bazel on?
centos 7