[7.0.0] Do not do magic to achieve a hermetic /tmp when the sandbox i…

…s hermetic (#20145) The sandbox process already does a `chroot()` and creates a fresh `/tmp` in it so no magic is needed. RELNOTES: None. Commit 491284b PiperOrigin-RevId: 579782553 Change-Id: Ia5df1911ab326b739a0693ae81c794ecd8dce53d Co-authored-by: Googler <lberki@google.com>
bazelbuild · Nov 10, 2023 · 92beb02 · 92beb02
1 parent 57b0bd7
commit 92beb02
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java
@@ -187,6 +187,12 @@ private boolean useHermeticTmp() {
       return false;
     }
 
+    if (getSandboxOptions().useHermetic) {
+      // The hermetic sandbox is, well, already hermetic. Also, it creates an empty /tmp by default
+      // so nothing needs to be done to achieve a /tmp that is also hermetic.
+      return false;
+    }
+
     boolean tmpExplicitlyBindMounted =
         getSandboxOptions().sandboxAdditionalMounts.stream()
             .anyMatch(e -> e.getKey().equals("/tmp"));