nsjail support verification should respect BUILD_BROKEN* flag for SrcDir
This ensures that soong_ui is successful in setting up its own nsjail in
workflows that externally make the source tree ReadOnly (e.g. a nested
nsjail in multitree).
Test: TH
Change-Id: I6d0ec4a9fffda1d4e5996f475da611e1deb0888d
diff --git a/ui/build/sandbox_config.go b/ui/build/sandbox_config.go
index 1b46459..1d32d86 100644
--- a/ui/build/sandbox_config.go
+++ b/ui/build/sandbox_config.go
@@ -27,6 +27,15 @@
return sc.srcDirIsRO
}
+// Return the mount flag of the source directory in the nsjail command
+func (sc *SandboxConfig) SrcDirMountFlag() string {
+ ret := "-B" // Read-write
+ if sc.SrcDirIsRO() {
+ ret = "-R" // Read-only
+ }
+ return ret
+}
+
func (sc *SandboxConfig) SetSrcDirRWAllowlist(allowlist []string) {
sc.srcDirRWAllowlist = allowlist
}
diff --git a/ui/build/sandbox_linux.go b/ui/build/sandbox_linux.go
index 5b2046e..edb3b66 100644
--- a/ui/build/sandbox_linux.go
+++ b/ui/build/sandbox_linux.go
@@ -101,7 +101,7 @@
// srcDir is /tmp/.* in integration tests, which is a child dir of /tmp
// nsjail throws an error if a child dir is mounted before its parent
"-B", "/tmp",
- "-B", sandboxConfig.srcDir,
+ c.config.sandboxConfig.SrcDirMountFlag(), sandboxConfig.srcDir,
"-B", sandboxConfig.outDir,
}
@@ -148,13 +148,6 @@
func (c *Cmd) wrapSandbox() {
wd, _ := os.Getwd()
- var srcDirMountFlag string
- if c.config.sandboxConfig.SrcDirIsRO() {
- srcDirMountFlag = "-R"
- } else {
- srcDirMountFlag = "-B" //Read-Write
- }
-
sandboxArgs := []string{
// The executable to run
"-x", c.Path,
@@ -195,7 +188,7 @@
"-B", "/tmp",
// Mount source
- srcDirMountFlag, sandboxConfig.srcDir,
+ c.config.sandboxConfig.SrcDirMountFlag(), sandboxConfig.srcDir,
//Mount out dir as read-write
"-B", sandboxConfig.outDir,