Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c128dd7e authored by Haamed Gheibi's avatar Haamed Gheibi
Browse files

Add `skip_setsid` option to nsjail for sbox. 

ABFS project uses the process group to trace all the
file-system activities of a given build command.
The assumption is that the build commands do not change the
process group, otherwise some of the file operations can be
missed.

Bug: 376530561
Change-Id: Iff32df924e1cb20be2ce4dfe3355d833c0fb9e8e
parent 51778812

android/rule_builder.go

+1 −0
Original line number Diff line number Diff line
@@ -611,6 +611,7 @@ func (r *RuleBuilder) build(name string, desc string, ninjaEscapeCommandString b 
		nsjailCmd.WriteString(" -m none:/tmp:tmpfs:size=1073741824") // 1GB, should be enough

		nsjailCmd.WriteString(" -D nsjail_build_sandbox")

		nsjailCmd.WriteString(" --disable_rlimits")

		nsjailCmd.WriteString(" --skip_setsid") // ABFS relies on process-groups to track file operations

		nsjailCmd.WriteString(" -q")

		nsjailCmd.WriteString(" -- ")

		nsjailCmd.WriteString("/bin/bash -c ")