Fix nested minijail0 execution

We've got an internal testcase that uses minijail0 inside an Android.mk rule. That was failing since we turned on the linux sandbox, as /proc was mounted read-only, which prevented setting up the uid/gid mappings for a child namespace. Fixes: 122985455 Test: treehugger & forrest of breaking build Change-Id: Ia77a91a7f4eeeb8a24e84075d8272287f5087587
author: Dan Willemsen <dwillemsen@google.com> 2019-01-16 23:02:24 -0800
committer: Dan Willemsen <dwillemsen@google.com> 2019-01-16 23:04:16 -0800
commit: 3a4dbd651f060a0cf091a314ad354b9e3714e9d9 (patch)
tree: 1d8ec19f629568809dc089d0e136ce54c3bc949d /ui
parent: c22c1bf130a7c60c193aece472eab2ae648a1fcb (diff)
download: build_soong-3a4dbd651f060a0cf091a314ad354b9e3714e9d9.tar.gz
build_soong-3a4dbd651f060a0cf091a314ad354b9e3714e9d9.tar.bz2
build_soong-3a4dbd651f060a0cf091a314ad354b9e3714e9d9.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/ui/build/sandbox_linux.go b/ui/build/sandbox_linux.go
index f77eebb2..85c4a9a1 100644
--- a/ui/build/sandbox_linux.go
+++ b/ui/build/sandbox_linux.go
@@ -127,6 +127,9 @@ func (c *Cmd) wrapSandbox() {
 		// in soong_ui
 		"-e",
 
+		// Mount /proc read-write, necessary to run a nested nsjail or minijail0
+		"--proc_rw",
+
 		// Use a consistent user & group.
 		// Note that these are mapped back to the real UID/GID when
 		// doing filesystem operations, so they're rather arbitrary.
author	Dan Willemsen <dwillemsen@google.com>	2019-01-16 23:02:24 -0800
committer	Dan Willemsen <dwillemsen@google.com>	2019-01-16 23:04:16 -0800
commit	3a4dbd651f060a0cf091a314ad354b9e3714e9d9 (patch)
tree	1d8ec19f629568809dc089d0e136ce54c3bc949d /ui
parent	c22c1bf130a7c60c193aece472eab2ae648a1fcb (diff)
download	build_soong-3a4dbd651f060a0cf091a314ad354b9e3714e9d9.tar.gz build_soong-3a4dbd651f060a0cf091a314ad354b9e3714e9d9.tar.bz2 build_soong-3a4dbd651f060a0cf091a314ad354b9e3714e9d9.zip