Implement linux sandboxing with nsjail This really only initializes the sandbox, it does not attempt to change the view of the filesystem, nor does it turn off networking. Bug: 122270019 Test: m Test: trigger nsjail check failure; lunch; m; cat out/soong.log Test: USE_GOMA=true m libc Change-Id: Ib291072dcee8247c7a15f5b6831295ead6e4fc22

commit: 63663c6bc9ee270e02b06ff3d4f8812f1ef4d49b [log] [tgz]
author: Dan Willemsen <dwillemsen@google.com> Wed Jan 02 12:24:44 2019 -0800
committer: Dan Willemsen <dwillemsen@google.com> Tue Jan 15 13:47:31 2019 -0800
tree: 43841e3620caf538eb63f1061fd58e5741c920ea
parent: 073941d780016e0770f083e1edd425739d15b80a [diff] [blame]
diff --git a/ui/build/sandbox_darwin.go b/ui/build/sandbox_darwin.go
index 7e75167..43c5480 100644
--- a/ui/build/sandbox_darwin.go
+++ b/ui/build/sandbox_darwin.go

@@ -21,12 +21,12 @@
 type Sandbox string
 
 const (
-	noSandbox            = ""
-	globalSandbox        = "build/soong/ui/build/sandbox/darwin/global.sb"
-	dumpvarsSandbox      = globalSandbox
-	soongSandbox         = globalSandbox
-	katiSandbox          = globalSandbox
-	katiCleanSpecSandbox = globalSandbox
+	noSandbox       = ""
+	globalSandbox   = "build/soong/ui/build/sandbox/darwin/global.sb"
+	dumpvarsSandbox = globalSandbox
+	soongSandbox    = globalSandbox
+	katiSandbox     = globalSandbox
+	ninjaSandbox    = noSandbox
 )
 
 var sandboxExecPath string
commit	63663c6bc9ee270e02b06ff3d4f8812f1ef4d49b	[log] [tgz]
author	Dan Willemsen <dwillemsen@google.com>	Wed Jan 02 12:24:44 2019 -0800
committer	Dan Willemsen <dwillemsen@google.com>	Tue Jan 15 13:47:31 2019 -0800
tree	43841e3620caf538eb63f1061fd58e5741c920ea
parent	073941d780016e0770f083e1edd425739d15b80a [diff] [blame]