[engine] Skip mounting filesystem root if in passthrough_env

Change-Id: I6d5e4bae06f0b2462b4e88806af24c4e1dde02b0

Author: orn688

internal/engine/runtime_ctx_os.go

@@ -252,12 +252,27 @@ func ctxOsExec(ctx context.Context, s *shacState, name string, args starlark.Tup
 			continue
 		}
 		env[pte.Name] = val
-		if pte.IsPath {
-			passthroughMounts = append(passthroughMounts, sandbox.Mount{
-				Path:     val,
-				Writable: pte.Writeable,
+		if !pte.IsPath {
+			continue
+		}
+
+		dest := val
+		// Mount at a temporary directory.
+		if val == filepath.Dir(val) {
+			if dest, err = s.newTempDir(); err != nil {
+				return nil, err
+			}
+			cleanupFuncs = append(cleanupFuncs, func() error {
+				return os.RemoveAll(tempDir)
 			})
 		}
+
+		passthroughMounts = append(passthroughMounts, sandbox.Mount{
+			Path:     val,
+			Writable: pte.Writeable,
+			Dest:     dest,
+			Why:      "passthrough_env: " + pte.Name,
+		})
 	}
 
 	for _, item := range argenv.Items() {
@@ -343,7 +358,7 @@ func ctxOsExec(ctx context.Context, s *shacState, name string, args starlark.Tup
 	if runtime.GOOS != "windows" {
 		config.Mounts = []sandbox.Mount{
 			// TODO(olivernewman): Mount the checkout read-only unconditionally.
-			{Path: s.root, Writable: s.writableRoot},
+			{Path: s.root, Writable: s.writableRoot, Why: "checkout_root"},
 			// OS-provided utilities.
 			{Path: "/dev/null", Writable: true},
 			{Path: "/dev/urandom"},
@@ -363,7 +378,7 @@ func ctxOsExec(ctx context.Context, s *shacState, name string, args starlark.Tup
 			// Make the parent directory of tempDir available, since it is the root
 			// of all ctx.os.tempdir() calls, which can be used as scratch pads for
 			// this executable.
-			{Path: filepath.Dir(tempDir), Writable: true},
+			{Path: filepath.Dir(tempDir), Writable: true, Why: "tempdir_parent"},
 		}
 		config.Mounts = append(config.Mounts, passthroughMounts...)
 
@@ -372,7 +387,7 @@ func ctxOsExec(ctx context.Context, s *shacState, name string, args starlark.Tup
 		// installs Go in the checkout directory, and stop explicitly mounting
 		// $GOROOT and adding it to $PATH.
 		if runtime.GOROOT() != "" {
-			config.Mounts = append(config.Mounts, sandbox.Mount{Path: runtime.GOROOT()})
+			config.Mounts = append(config.Mounts, sandbox.Mount{Path: runtime.GOROOT(), Why: "GOROOT"})
 		}
 
 		// Mount all directories listed in $PATH.
@@ -382,13 +397,18 @@ func ctxOsExec(ctx context.Context, s *shacState, name string, args starlark.Tup
 				// Relative paths in $PATH are not allowed.
 				continue
 			}
+			if p == filepath.Dir(p) {
+				// Skip trying to mount the filesystem root if it happens to be
+				// included in $PATH, since that will cause lots of issues.
+				continue
+			}
 			var fi os.FileInfo
 			if fi, err = os.Stat(p); err != nil || !fi.IsDir() {
 				// Skip $PATH elements that don't exist or point to
 				// non-directories.
 				continue
 			}
-			config.Mounts = append(config.Mounts, sandbox.Mount{Path: p})
+			config.Mounts = append(config.Mounts, sandbox.Mount{Path: p, Why: "PATH_element"})
 		}
 	}
 

internal/sandbox/sandbox.go

@@ -42,6 +42,7 @@ type Mount struct {
 	// Writable controls whether the mount is writable by processes within the
 	// nsjail.
 	Writable bool
+	Why      string
 }
 
 // Config represents the configuration for a sandboxed subprocess.
@@ -135,6 +136,7 @@ func (s nsjailSandbox) Command(ctx context.Context, config *Config) *exec.Cmd {
 			val = fmt.Sprintf("%s:%s", mnt.Path, mnt.Dest)
 		}
 		args = append(args, flag, val)
+		fmt.Println("-", val, mnt.Why)
 	}
 	args = append(args, "--")
 	args = append(args, config.Cmd...)