From 4390142315a0d6ed0f67712061498c68389ea3b7 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 15 Nov 2015 06:08:50 -0500 Subject: [PATCH] Use AutoDelete for sandbox profile file --- src/libstore/build.cc | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 1dee1ca2c..6f662f81d 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -778,9 +778,13 @@ private: DirsInChroot dirsInChroot; typedef map Environment; Environment env; +#if SANDBOX_ENABLED typedef string SandboxProfile; SandboxProfile additionalSandboxProfile; + AutoDelete autoDelSandbox; +#endif + /* Hash rewriting. */ HashRewrites rewritesToTmp, rewritesFromTmp; typedef map RedirectedOutputs; @@ -2445,9 +2449,10 @@ void DerivationGoal::runChild() const char *builder = "invalid"; string sandboxProfile; - if (isBuiltin(*drv)) + if (isBuiltin(*drv)) { ; - else if (useChroot && SANDBOX_ENABLED) { +#if SANDBOX_ENABLED + } else if (useChroot) { /* Lots and lots and lots of file functions freak out if they can't stat their full ancestry */ PathSet ancestry; @@ -2527,16 +2532,20 @@ void DerivationGoal::runChild() debug("Generated sandbox profile:"); debug(sandboxProfile); - Path tmpProfile = createTempDir() + "/profile.sb"; - writeFile(tmpProfile, sandboxProfile); + Path sandboxFile = drvPath + ".sb"; + if (pathExists(sandboxFile)) deletePath(sandboxFile); + autoDelSandbox = AutoDelete(sandboxFile); + + writeFile(sandboxFile, sandboxProfile); builder = "/usr/bin/sandbox-exec"; args.push_back("sandbox-exec"); args.push_back("-f"); - args.push_back(tmpProfile); + args.push_back(sandboxFile); args.push_back("-D"); args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir); args.push_back(drv->builder); +#endif } else { builder = drv->builder.c_str(); string builderBasename = baseNameOf(drv->builder);