[clang][cas] Work around -cc1 sandbox violations#12110
Open
jansvoboda11 wants to merge 1 commit intonextfrom
Open
[clang][cas] Work around -cc1 sandbox violations#12110jansvoboda11 wants to merge 1 commit intonextfrom
-cc1 sandbox violations#12110jansvoboda11 wants to merge 1 commit intonextfrom
Conversation
cachemeifyoucan
approved these changes
Jan 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
After llvm#174653, some CAS tests started failing with sandbox violations. This PR works around these.
The
CompileJobCache::maybeIngestNonVirtualOutputFromFileSystem()function already contains this FIXME:So adding another FIXME for the sandbox disablement itself felt redundant.
The sandbox disablements around the dependency scanner server/daemon infrastructure are obviously not formal inputs/outputs of the compiler, so I didn't feel the need to mark those with FIXMEs or other comments.
However, the many sandbox disablements in
cc1depscan_main.cppmake me question whether we should just disable sandbox once at the start ofcc1depscan_main()and only re-enable it when entering into the scanner.