Skip to content

[clang] Bypass FS sandbox during Linux distro detection#175201

Closed
jansvoboda11 wants to merge 1 commit intollvm:mainfrom
jansvoboda11:linux-distro-io-sandbox
Closed

[clang] Bypass FS sandbox during Linux distro detection#175201
jansvoboda11 wants to merge 1 commit intollvm:mainfrom
jansvoboda11:linux-distro-io-sandbox

Conversation

@jansvoboda11
Copy link
Contributor

@jansvoboda11 jansvoboda11 commented Jan 9, 2026

There's some logic in Linux distro detection that relies on the VFS being the real FS. This check is implemented such that it violates the IO sandbox. This PR implements narrow sandbox disablement for this specific check.

@jansvoboda11
[clang] Bypass FS sandbox during Linux distro detection
ba71722 
There's some logic in Linux distro detection that relies on the VFS being the real FS. This check is implemented such that it violates the IO sandbox. This PR implements narrow sandbox disablement for this specific check.
@llvmbot llvmbot added clang Clang issues not falling into any other category clang:driver 'clang' and 'clang++' user-facing binaries. Not 'clang-cl' labels Jan 9, 2026
@llvmbot
Copy link
Member

llvmbot commented Jan 9, 2026
edited
Loading

@llvm/pr-subscribers-clang-driver

@llvm/pr-subscribers-clang

Author: Jan Svoboda (jansvoboda11)

Changes

There's some logic in Linux distro detection that relies on the VFS being the real FS. This check is implemented such that it violates the IO sandbox. This PR implements narrow sandbox disablement for this specific check.

Full diff: https://github.com/llvm/llvm-project/pull/175201.diff

1 Files Affected:

  • (modified) clang/lib/Driver/Distro.cpp (+5-1)
diff --git a/clang/lib/Driver/Distro.cpp b/clang/lib/Driver/Distro.cpp
index df10458d092d6..3c335891f9971 100644
--- a/clang/lib/Driver/Distro.cpp
+++ b/clang/lib/Driver/Distro.cpp
@@ -11,6 +11,7 @@
 #include "llvm/ADT/StringRef.h"
 #include "llvm/ADT/StringSwitch.h"
 #include "llvm/Support/ErrorOr.h"
+#include "llvm/Support/IOSandbox.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/Threading.h"
 #include "llvm/TargetParser/Host.h"
@@ -211,7 +212,10 @@ static Distro::DistroType GetDistro(llvm::vfs::FileSystem &VFS,
     return Distro::UnknownDistro;
 
   // True if we're backed by a real file system.
-  const bool onRealFS = (llvm::vfs::getRealFileSystem() == &VFS);
+  const bool onRealFS = [&] {
+    auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
+    return llvm::vfs::getRealFileSystem() == &VFS;
+  }();
 
   // If the host is not running Linux, and we're backed by a real file
   // system, no need to check the distro. This is the case where someone

@jansvoboda11
Copy link
Contributor Author

jansvoboda11 commented Jan 9, 2026

Closing in favor of #175097. Generally we don't expect any part of the driver to be free of sandbox violations. The new PR disables the sandbox for the entirety of the driver usage within the sandboxed frontend, instead of just fixing the single offending function call and hoping other parts of the driver don't trigger more violations.

@jansvoboda11 jansvoboda11 deleted the linux-distro-io-sandbox branch January 9, 2026 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benlangmuir benlangmuir benlangmuir approved these changes

Assignees

No one assigned

Labels

clang:driver 'clang' and 'clang++' user-facing binaries. Not 'clang-cl' clang Clang issues not falling into any other category

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jansvoboda11 @llvmbot @benlangmuir