From 35443d5f29fa10cc7b10d248ec80e15bb791ec98 Mon Sep 17 00:00:00 2001
From: Oscar Bonilla <6f6231@gmail.com>
Date: Mon, 17 Jan 2022 03:05:01 -0800
Subject: [PATCH] Don't resolve symlinks for --sandbox_base

On macOS BigSur, the sandbox-exec command behaves slightly different than on Catalina when firm links are present. Resolving symlinks can prevent the sandbox for allowing write operations to the sandbox base. This effectively reverts a piece of 656a0ba, namely:
> When using --experimental_sandbox_base, ensure that symlinks in the path are
> resolved. Before this, you had to check whether on your system /dev/shm is a
> symlink to /run/shm and then use that instead. Now it no longer matters, as
> symlinks are resolved.
See https://github.com/bazelbuild/bazel/issues/13766 for full details.
Closes #13984.
PiperOrigin-RevId: 422319807
(cherry picked from commit 0de7bb95022057e8b89334f44759cf6f950e131f)
---
 .../com/google/devtools/build/lib/sandbox/SandboxModule.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxModule.java b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxModule.java
index 4058f4bd5cd758..76abcf67e5a2fc 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxModule.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxModule.java
@@ -125,6 +125,10 @@ private static Path computeSandboxBase(SandboxOptions options, CommandEnvironmen
 env.getRuntime().getProductName(),
 Fingerprint.getHexDigest(env.getOutputBase().toString()));
 FileSystem fileSystem = env.getRuntime().getFileSystem();
+ if (OS.getCurrent() == OS.DARWIN) {
+ // Don't resolve symlinks on macOS: See https://github.com/bazelbuild/bazel/issues/13766
+ return fileSystem.getPath(options.sandboxBase).getRelative(dirName);
+ }
 Path resolvedSandboxBase = fileSystem.getPath(options.sandboxBase).resolveSymbolicLinks();
 return resolvedSandboxBase.getRelative(dirName);
 }
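Review bot: The new Darwin branch returns `--sandbox_base` without any canonicalisation, for every macOS version and for ordinary symlinks as well as firm links, although the commit message only motivates this for firm links on Big Sur. With the path left unresolved, each later use re-traverses whatever links it contains instead of one pinned real path, so a base under a directory other users can write to would presumably be easier to redirect; the visible lines do not show any check of that. The comment should state the reason and the assumption rather than only the issue link, for example `// macOS: resolving firm links makes sandbox-exec deny writes to the base (#13766); the base is used as given, so it must not sit under a directory other users can modify.` Calling `fileSystem.getPath(options.sandboxBase)` once into a local and resolving it only when `OS.getCurrent() != OS.DARWIN` would also avoid the duplicated lookup. The start of computeSandboxBase lies outside the hunk.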