From 2d03853cc11429c5ef0a345416e8615ef45586f9 Mon Sep 17 00:00:00 2001 From: Philipp Wollermann Date: Fri, 30 Sep 2016 11:44:20 +0000 Subject: [PATCH] Fix #1849: Sandboxing on OS X should be turned off by default for 0.3.2. This restructures the way we set the default Spawn strategy so that each BlazeModule supplying a SpawnActionContext has an ActionContextConsumer that sets its own SpawnActionContext as the default, with the BazelRulesModule being put as the last module loaded in BazelMain, so that it can override that decision - it only does, if the user explicitly specifies a --spawn_strategy flag. IMHO this is a much saner approach than the older one. So the flow is essentially this: - StandaloneActionContextConsumer sets the default strategy to "standalone". - SandboxActionContextConsumer sets the default strategy to "sandboxed", but only on Linux - BazelRulesModule sets the default strategy to the value of the --spawn_strategy flag, if it is set. -- MOS_MIGRATED_REVID=134770427 --- .../devtools/build/lib/bazel/BazelMain.java | 5 +- .../rules/BazelActionContextConsumer.java | 81 +++++++++++++++++++ .../lib/bazel/rules/BazelRulesModule.java | 60 +------------- .../sandbox/SandboxActionContextConsumer.java | 13 ++- .../StandaloneActionContextConsumer.java | 44 ++++++++++ .../lib/standalone/StandaloneModule.java | 8 ++ src/test/shell/bazel/bazel_sandboxing_test.sh | 2 +- 7 files changed, 149 insertions(+), 64 deletions(-) create mode 100644 src/main/java/com/google/devtools/build/lib/bazel/rules/BazelActionContextConsumer.java create mode 100644 src/main/java/com/google/devtools/build/lib/standalone/StandaloneActionContextConsumer.java diff --git a/src/main/java/com/google/devtools/build/lib/bazel/BazelMain.java b/src/main/java/com/google/devtools/build/lib/bazel/BazelMain.java index 844710c4e75acd..29e598659d05a0 100644 --- a/src/main/java/com/google/devtools/build/lib/bazel/BazelMain.java +++ b/src/main/java/com/google/devtools/build/lib/bazel/BazelMain.java @@ -18,7 +18,6 @@ import com.google.devtools.build.lib.analysis.BlazeVersionInfo; import com.google.devtools.build.lib.runtime.BlazeModule; import com.google.devtools.build.lib.runtime.BlazeRuntime; - import java.io.IOException; import java.io.InputStream; import java.util.List; @@ -43,13 +42,13 @@ public final class BazelMain { com.google.devtools.build.lib.bazel.BazelDiffAwarenessModule.class, com.google.devtools.build.lib.bazel.BazelRepositoryModule.class, com.google.devtools.build.lib.bazel.dash.DashModule.class, - com.google.devtools.build.lib.bazel.rules.BazelRulesModule.class, com.google.devtools.build.lib.ssd.SsdModule.class, com.google.devtools.build.lib.worker.WorkerModule.class, com.google.devtools.build.lib.remote.RemoteModule.class, com.google.devtools.build.lib.standalone.StandaloneModule.class, com.google.devtools.build.lib.sandbox.SandboxModule.class, - com.google.devtools.build.lib.runtime.BuildSummaryStatsModule.class); + com.google.devtools.build.lib.runtime.BuildSummaryStatsModule.class, + com.google.devtools.build.lib.bazel.rules.BazelRulesModule.class); public static void main(String[] args) { BlazeVersionInfo.setBuildInfo(tryGetBuildInfo()); diff --git a/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelActionContextConsumer.java b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelActionContextConsumer.java new file mode 100644 index 00000000000000..d9db7e4a0068b0 --- /dev/null +++ b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelActionContextConsumer.java @@ -0,0 +1,81 @@ +// Copyright 2016 The Bazel Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.devtools.build.lib.bazel.rules; + +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableMultimap; +import com.google.common.collect.Multimap; +import com.google.devtools.build.lib.actions.ActionContextConsumer; +import com.google.devtools.build.lib.actions.Executor.ActionContext; +import com.google.devtools.build.lib.analysis.actions.FileWriteActionContext; +import com.google.devtools.build.lib.bazel.rules.BazelRulesModule.BazelExecutionOptions; +import com.google.devtools.build.lib.rules.android.WriteAdbArgsActionContext; +import com.google.devtools.build.lib.rules.cpp.CppCompileActionContext; +import com.google.devtools.build.lib.rules.cpp.CppLinkActionContext; +import com.google.devtools.build.lib.rules.cpp.IncludeScanningContext; +import java.util.Map; +import java.util.TreeMap; + +/** + * An object describing the {@link ActionContext} implementation that some actions require in Bazel. + */ +public class BazelActionContextConsumer implements ActionContextConsumer { + private final BazelExecutionOptions options; + + protected BazelActionContextConsumer(BazelExecutionOptions options) { + this.options = options; + } + + @Override + public ImmutableMap getSpawnActionContexts() { + Map contexts = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); + + // Default strategies for certain mnemonics - they can be overridden by --strategy= flags. + contexts.put("Javac", "worker"); + + for (Map.Entry strategy : options.strategy) { + String strategyName = strategy.getValue(); + // TODO(philwo) - remove this when the standalone / local mess is cleaned up. + // Some flag expansions use "local" as the strategy name, but the strategy is now called + // "standalone", so we'll translate it here. + if (strategyName.equals("local")) { + strategyName = "standalone"; + } + contexts.put(strategy.getKey(), strategyName); + } + + if (!options.genruleStrategy.isEmpty()) { + contexts.put("Genrule", options.genruleStrategy); + } + + // TODO(bazel-team): put this in getActionContexts (key=SpawnActionContext.class) instead + if (!options.spawnStrategy.isEmpty()) { + contexts.put("", options.spawnStrategy); + } + + return ImmutableMap.copyOf(contexts); + } + + @Override + public Multimap, String> getActionContexts() { + return ImmutableMultimap., String>builder() + .put(CppCompileActionContext.class, "") + .put(CppLinkActionContext.class, "") + .put(IncludeScanningContext.class, "") + .put(FileWriteActionContext.class, "") + .put(WriteAdbArgsActionContext.class, "") + .build(); + } +} diff --git a/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRulesModule.java b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRulesModule.java index 26fd3af4b553a0..0fe4aa2a4a373b 100644 --- a/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRulesModule.java +++ b/src/main/java/com/google/devtools/build/lib/bazel/rules/BazelRulesModule.java @@ -16,25 +16,17 @@ import com.google.common.base.Supplier; import com.google.common.collect.ImmutableList; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableMultimap; -import com.google.common.collect.Multimap; import com.google.common.eventbus.Subscribe; import com.google.devtools.build.lib.actions.ActionContextConsumer; import com.google.devtools.build.lib.actions.ActionContextProvider; -import com.google.devtools.build.lib.actions.Executor.ActionContext; import com.google.devtools.build.lib.actions.SimpleActionContextProvider; import com.google.devtools.build.lib.analysis.BlazeDirectories; import com.google.devtools.build.lib.analysis.ConfiguredRuleClassProvider; -import com.google.devtools.build.lib.analysis.actions.FileWriteActionContext; import com.google.devtools.build.lib.bazel.rules.cpp.BazelCppRuleClasses; import com.google.devtools.build.lib.query2.output.OutputFormatter; import com.google.devtools.build.lib.rules.android.WriteAdbArgsActionContext; -import com.google.devtools.build.lib.rules.cpp.CppCompileActionContext; -import com.google.devtools.build.lib.rules.cpp.CppLinkActionContext; import com.google.devtools.build.lib.rules.cpp.FdoSupportFunction; import com.google.devtools.build.lib.rules.cpp.FdoSupportValue; -import com.google.devtools.build.lib.rules.cpp.IncludeScanningContext; import com.google.devtools.build.lib.rules.genquery.GenQuery; import com.google.devtools.build.lib.runtime.BlazeModule; import com.google.devtools.build.lib.runtime.Command; @@ -49,7 +41,6 @@ import java.io.IOException; import java.util.List; import java.util.Map; -import java.util.TreeMap; /** * Module implementing the rule set of Bazel. @@ -92,54 +83,6 @@ public static class BazelExecutionOptions extends OptionsBase { public List> strategy; } - /** - * An object describing the {@link ActionContext} implementation that some actions require in - * Bazel. - */ - protected static class BazelActionContextConsumer implements ActionContextConsumer { - private final BazelExecutionOptions options; - - protected BazelActionContextConsumer(BazelExecutionOptions options) { - this.options = options; - } - @Override - public ImmutableMap getSpawnActionContexts() { - Map contexts = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); - - // Default strategies for certain mnemonics - they can be overridden by --strategy= flags. - contexts.put("Javac", "worker"); - - contexts.put("Genrule", options.genruleStrategy); - - for (Map.Entry strategy : options.strategy) { - String strategyName = strategy.getValue(); - // TODO(philwo) - remove this when the standalone / local mess is cleaned up. - // Some flag expansions use "local" as the strategy name, but the strategy is now called - // "standalone", so we'll translate it here. - if (strategyName.equals("local")) { - strategyName = "standalone"; - } - contexts.put(strategy.getKey(), strategyName); - } - - // TODO(bazel-team): put this in getActionContexts (key=SpawnActionContext.class) instead - contexts.put("", options.spawnStrategy); - - return ImmutableMap.copyOf(contexts); - } - - @Override - public Multimap, String> getActionContexts() { - return ImmutableMultimap., String>builder() - .put(CppCompileActionContext.class, "") - .put(CppLinkActionContext.class, "") - .put(IncludeScanningContext.class, "") - .put(FileWriteActionContext.class, "") - .put(WriteAdbArgsActionContext.class, "") - .build(); - } - } - private CommandEnvironment env; protected BazelExecutionOptions options; @@ -170,8 +113,7 @@ public Iterable getActionContextProviders() { @Override public Iterable getActionContextConsumers() { - return ImmutableList.of( - new BazelActionContextConsumer(options)); + return ImmutableList.of(new BazelActionContextConsumer(options)); } @Subscribe diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextConsumer.java b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextConsumer.java index cd468fd1f9a0ea..403b8b98378f37 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextConsumer.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextConsumer.java @@ -30,22 +30,33 @@ final class SandboxActionContextConsumer implements ActionContextConsumer { private final ImmutableMultimap, String> contexts; + private final ImmutableMap spawnContexts; public SandboxActionContextConsumer(CommandEnvironment env) { ImmutableMultimap.Builder, String> contexts = ImmutableMultimap.builder(); + ImmutableMap.Builder spawnContexts = ImmutableMap.builder(); + // This makes the "sandboxed" strategy available via --spawn_strategy=sandboxed, + // but it is not necessarily the default. if ((OS.getCurrent() == OS.LINUX && LinuxSandboxedStrategy.isSupported(env)) || (OS.getCurrent() == OS.DARWIN && DarwinSandboxRunner.isSupported())) { contexts.put(SpawnActionContext.class, "sandboxed"); + + // This makes the "sandboxed" strategy the default Spawn strategy on Linux, unless it is + // overridden by a later BlazeModule. + if (OS.getCurrent() == OS.LINUX) { + spawnContexts.put("", "sandboxed"); + } } this.contexts = contexts.build(); + this.spawnContexts = spawnContexts.build(); } @Override public ImmutableMap getSpawnActionContexts() { - return ImmutableMap.of(); + return spawnContexts; } @Override diff --git a/src/main/java/com/google/devtools/build/lib/standalone/StandaloneActionContextConsumer.java b/src/main/java/com/google/devtools/build/lib/standalone/StandaloneActionContextConsumer.java new file mode 100644 index 00000000000000..beb11254752c27 --- /dev/null +++ b/src/main/java/com/google/devtools/build/lib/standalone/StandaloneActionContextConsumer.java @@ -0,0 +1,44 @@ +// Copyright 2016 The Bazel Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.devtools.build.lib.standalone; + +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableMultimap; +import com.google.common.collect.Multimap; +import com.google.devtools.build.lib.actions.ActionContextConsumer; +import com.google.devtools.build.lib.actions.Executor.ActionContext; +import com.google.devtools.build.lib.actions.SpawnActionContext; + +/** + * {@link ActionContextConsumer} that requests the action contexts necessary for standalone + * execution. + */ +public class StandaloneActionContextConsumer implements ActionContextConsumer { + + @Override + public ImmutableMap getSpawnActionContexts() { + // This makes the "sandboxed" strategy the default Spawn strategy, unless it is overridden by a + // later BlazeModule. + return ImmutableMap.of("", "standalone"); + } + + @Override + public Multimap, String> getActionContexts() { + // This makes the "standalone" strategy available via --spawn_strategy=standalone, but it is not + // necessarily the default. + return ImmutableMultimap., String>of( + SpawnActionContext.class, "standalone"); + } +} diff --git a/src/main/java/com/google/devtools/build/lib/standalone/StandaloneModule.java b/src/main/java/com/google/devtools/build/lib/standalone/StandaloneModule.java index a8118ea3673bb9..58145b0ad333eb 100644 --- a/src/main/java/com/google/devtools/build/lib/standalone/StandaloneModule.java +++ b/src/main/java/com/google/devtools/build/lib/standalone/StandaloneModule.java @@ -15,12 +15,14 @@ import com.google.common.collect.ImmutableList; import com.google.common.eventbus.Subscribe; +import com.google.devtools.build.lib.actions.ActionContextConsumer; import com.google.devtools.build.lib.actions.ActionContextProvider; import com.google.devtools.build.lib.buildtool.BuildRequest; import com.google.devtools.build.lib.buildtool.buildevent.BuildStartingEvent; import com.google.devtools.build.lib.runtime.BlazeModule; import com.google.devtools.build.lib.runtime.Command; import com.google.devtools.build.lib.runtime.CommandEnvironment; +import com.google.devtools.build.lib.util.Preconditions; /** * StandaloneModule provides pluggable functionality for blaze. @@ -29,6 +31,12 @@ public class StandaloneModule extends BlazeModule { private CommandEnvironment env; private BuildRequest buildRequest; + @Override + public Iterable getActionContextConsumers() { + Preconditions.checkNotNull(env); + return ImmutableList.of(new StandaloneActionContextConsumer()); + } + @Override public Iterable getActionContextProviders() { return ImmutableList.of( diff --git a/src/test/shell/bazel/bazel_sandboxing_test.sh b/src/test/shell/bazel/bazel_sandboxing_test.sh index 17e3d4fed2ec78..685bf05c5411c3 100755 --- a/src/test/shell/bazel/bazel_sandboxing_test.sh +++ b/src/test/shell/bazel/bazel_sandboxing_test.sh @@ -222,7 +222,7 @@ function test_sandbox_cleanup() { bazel build examples/genrule:tools_work &> $TEST_log \ || fail "Hermetic genrule failed: examples/genrule:tools_work" bazel shutdown &> $TEST_log || fail "bazel shutdown failed" - if [[ "$(ls -la "$(bazel info output_base)/bazel-sandbox")" ]]; then + if [[ -n "$(ls -A "$(bazel info output_base)/bazel-sandbox")" ]]; then fail "Build left files around afterwards" fi }