Do not do magic to achieve a hermetic /tmp when the sandbox is herm…

…etic. The sandbox process already does a `chroot()` and creates a fresh `/tmp` in it so no magic is needed. RELNOTES: None. PiperOrigin-RevId: 579782553 Change-Id: Ia5df1911ab326b739a0693ae81c794ecd8dce53d
bazelbuild · Nov 6, 2023 · 491284b · 491284b
1 parent 6935927
commit 491284b
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java
@@ -187,6 +187,12 @@ private boolean useHermeticTmp() {
       return false;
     }
 
+    if (getSandboxOptions().useHermetic) {
+      // The hermetic sandbox is, well, already hermetic. Also, it creates an empty /tmp by default
+      // so nothing needs to be done to achieve a /tmp that is also hermetic.
+      return false;
+    }
+
     boolean tmpExplicitlyBindMounted =
         getSandboxOptions().sandboxAdditionalMounts.stream()
             .anyMatch(e -> e.getKey().equals("/tmp"));