Add a test for sandboxing when nobody's UID is different

Please don't merge before I8b8c3596fd2a4c125071406eefd407ca402099dd. The test will fail then. I've seen two issues with this functionality breaking: bazelbuild#481 and bazelbuild#1637. Seems like it's time to add a test which catches the issue on the Debian/Ubuntu machines people commonly test on. The test fails on my Debian system before I8b8c3596fd2a4c125071406eefd407ca402099dd, and passes with that change applied. -- Change-Id: Ib785c874cdb9192920f9935b696bfd6c9c0e5f4f Reviewed-on: https://bazel-review.git.corp.google.com/#/c/5451/ MOS_MIGRATED_REVID=130635565
rabadin · Aug 18, 2016 · 774553e · 774553e
1 parent feb5d08
commit 774553e
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/src/main/tools/linux-sandbox.c b/src/main/tools/linux-sandbox.c
@@ -565,7 +565,7 @@ static void SetupDirectories() {
       perror("getpwuid(getuid())");
       exit(EXIT_FAILURE);
     } else {
-      DIE("UID %d not found in passwd file", (int)getuid());
+      DIE("UID %d not found in passwd file\n", (int)getuid());
     }
   }
   char *homedir = uid_passwd->pw_dir;

diff --git a/src/test/shell/bazel/bazel_sandboxing_test.sh b/src/test/shell/bazel/bazel_sandboxing_test.sh
@@ -434,6 +434,19 @@ EOF
   expect_log "Sandboxed execution failed, which may be legitimate"
 }
 
+function test_sandbox_different_nobody_uid() {
+  cat /etc/passwd | sed 's/\(^nobody:[^:]*:\)[0-9]*:[0-9]*/\15000:16000/g' > \
+      "${TEST_TMPDIR}/passwd"
+  unshare --user --mount --map-root-user -- bash - \
+      << EOF || fail "Hermetic genrule with different UID for nobody failed" \
+set -e
+set -u
+
+mount --bind ${TEST_TMPDIR}/passwd /etc/passwd
+bazel build examples/genrule:works &> ${TEST_log}
+EOF
+}
+
 # The test shouldn't fail if the environment doesn't support running it.
 check_supported_platform || exit 0
 check_sandbox_allowed || exit 0