authorDmitry Vyukov <dvyukov@google.com>2017-11-16 13:16:30 +0100
committerDmitry Vyukov <dvyukov@google.com>2017-11-17 14:56:34 +0300
commit2f7fc0ff65b73cf2a6bfc1878aae75a7f5bae870 (patch)
treecd92b603b0fb9965aa8c2d9ff4328ff7e5f2785f /pkg/git
parent348d8f13f0299cd97f9219105ed7b21e591ddd36 (diff)
pkg/kernel: sandbox make invocation
Diffstat (limited to 'pkg/git')
-rw-r--r--pkg/git/git.go69
1 files changed, 42 insertions, 27 deletions
diff --git a/pkg/git/git.go b/pkg/git/git.go
index e4a54f71d..f67db363a 100644
--- a/pkg/git/git.go
+++ b/pkg/git/git.go
@@ -21,8 +21,8 @@ const timeout = time.Hour // timeout for all git invocations
// This involves fetching/resetting/cloning as necessary to recover from all possible problems.
// Returns hash of the HEAD commit in the specified branch.
func Poll(dir, repo, branch string) (string, error) {
- osutil.RunCmd(timeout, dir, "git", "reset", "--hard")
- origin, err := osutil.RunCmd(timeout, dir, "git", "remote", "get-url", "origin")
+ runSandboxed(dir, "git", "reset", "--hard")
+ origin, err := runSandboxed(dir, "git", "remote", "get-url", "origin")
if err != nil || strings.TrimSpace(string(origin)) != repo {
// The repo is here, but it has wrong origin (e.g. repo in config has changed), re-clone.
if err := clone(dir, repo, branch); err != nil {
@@ -32,19 +32,19 @@ func Poll(dir, repo, branch string) (string, error) {
// Use origin/branch for the case the branch was force-pushed,
// in such case branch is not the same is origin/branch and we will
// stuck with the local version forever (git checkout won't fail).
- if _, err := osutil.RunCmd(timeout, dir, "git", "checkout", "origin/"+branch); err != nil {
+ if _, err := runSandboxed(dir, "git", "checkout", "origin/"+branch); err != nil {
// No such branch (e.g. branch in config has changed), re-clone.
if err := clone(dir, repo, branch); err != nil {
return "", err
}
}
- if _, err := osutil.RunCmd(timeout, dir, "git", "fetch", "--no-tags"); err != nil {
+ if _, err := runSandboxed(dir, "git", "fetch", "--no-tags"); err != nil {
// Something else is wrong, re-clone.
if err := clone(dir, repo, branch); err != nil {
return "", err
}
}
- if _, err := osutil.RunCmd(timeout, dir, "git", "checkout", "origin/"+branch); err != nil {
+ if _, err := runSandboxed(dir, "git", "checkout", "origin/"+branch); err != nil {
return "", err
}
return HeadCommit(dir)
@@ -53,37 +53,32 @@ func Poll(dir, repo, branch string) (string, error) {
// Checkout checkouts the specified repository/branch in dir.
// It does not fetch history and efficiently supports checkouts of different repos in the same dir.
func Checkout(dir, repo, branch string) (string, error) {
- if _, err := osutil.RunCmd(timeout, dir, "git", "reset", "--hard"); err != nil {
+ if _, err := runSandboxed(dir, "git", "reset", "--hard"); err != nil {
if err := initRepo(dir); err != nil {
return "", err
}
}
- output, err := osutil.RunCmd(timeout, dir, "git", "fetch", "--no-tags", "--depth=1", repo, branch)
+ _, err := runSandboxed(dir, "git", "fetch", "--no-tags", "--depth=1", repo, branch)
if err != nil {
- return "", fmt.Errorf("git fetch %v %v failed: %v\n%s", repo, branch, err, output)
+ return "", err
}
- if output, err := osutil.RunCmd(timeout, dir, "git", "checkout", "FETCH_HEAD"); err != nil {
- return "", fmt.Errorf("git checkout FETCH_HEAD failed: %v\n%s", err, output)
+ if _, err := runSandboxed(dir, "git", "checkout", "FETCH_HEAD"); err != nil {
+ return "", err
}
return HeadCommit(dir)
}
func clone(dir, repo, branch string) error {
- if err := os.RemoveAll(dir); err != nil {
- return fmt.Errorf("failed to remove repo dir: %v", err)
+ if err := initRepo(dir); err != nil {
+ return err
}
- if err := osutil.MkdirAll(dir); err != nil {
- return fmt.Errorf("failed to create repo dir: %v", err)
+ if _, err := runSandboxed(dir, "git", "remote", "add", "origin", repo); err != nil {
+ return err
}
- args := []string{
- "clone",
- repo,
- "--single-branch",
- "--branch", branch,
- dir,
+ if _, err := runSandboxed(dir, "git", "fetch", "origin", "master"); err != nil {
+ return err
}
- _, err := osutil.RunCmd(timeout, "", "git", args...)
- return err
+ return nil
}
func initRepo(dir string) error {
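Review bot: The rewritten clone no longer uses its branch parameter: the new fetch is `runSandboxed(dir, "git", "fetch", "origin", "master")`, where the removed code passed `--branch branch` to git clone. In Poll, on the path where `git fetch --no-tags` fails and clone is the recovery, the very next step is `git checkout "origin/"+branch` with nothing else fetched, so a configured branch other than master would fail there. I would fetch the requested branch, `runSandboxed(dir, "git", "fetch", "origin", branch)`, or drop the parameter and document that clone only primes the remote.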
@@ -93,16 +88,18 @@ func initRepo(dir string) error {
if err := osutil.MkdirAll(dir); err != nil {
return fmt.Errorf("failed to create repo dir: %v", err)
}
- output, err := osutil.RunCmd(timeout, dir, "git", "init")
- if err != nil {
- return fmt.Errorf("failed to init git repo: %v\n%s", err, output)
+ if err := osutil.SandboxChown(dir); err != nil {
+ return err
+ }
+ if _, err := runSandboxed(dir, "git", "init"); err != nil {
+ return err
}
return nil
}
// HeadCommit returns hash of the HEAD commit of the current branch of git repository in dir.
func HeadCommit(dir string) (string, error) {
- output, err := osutil.RunCmd(timeout, dir, "git", "log", "--pretty=format:%H", "-n", "1")
+ output, err := runSandboxed(dir, "git", "log", "--pretty=format:%H", "-n", "1")
if err != nil {
return "", err
}
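Review bot: The errors from `osutil.SandboxChown(dir)` and the sandboxed `git init` are returned bare, while the MkdirAll failure just above is still wrapped as "failed to create repo dir"; the removed code also labelled the init failure and attached git's output. Unless osutil.Run already puts the command line and output into its error (not visible in this diff), a caller can no longer tell which step of initRepo failed. The same applies to the fetch and checkout errors in Checkout in the previous hunk. Suggest `return fmt.Errorf("failed to chown repo dir for sandbox: %v", err)` for the chown step. initRepo begins before this hunk and HeadCommit continues past it.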
@@ -120,7 +117,7 @@ func ListRecentCommits(dir, baseCommit string) ([]string, error) {
// On upstream kernel this produces ~11MB of output.
// Somewhat inefficient to collect whole output in a slice
// and then convert to string, but should be bearable.
- output, err := osutil.RunCmd(timeout, dir, "git", "log",
+ output, err := runSandboxed(dir, "git", "log",
"--pretty=format:%s", "--no-merges", "-n", "200000", baseCommit)
if err != nil {
return nil, err
@@ -154,12 +151,18 @@ var commitPrefixes = []string{
func Patch(dir string, patch []byte) error {
// Do --dry-run first to not mess with partially consistent state.
cmd := osutil.Command("patch", "-p1", "--force", "--ignore-whitespace", "--dry-run")
+ if err := osutil.Sandbox(cmd, true, true); err != nil {
+ return err
+ }
cmd.Stdin = bytes.NewReader(patch)
cmd.Dir = dir
if output, err := cmd.CombinedOutput(); err != nil {
// If it reverses clean, then it's already applied
// (seems to be the easiest way to detect it).
cmd = osutil.Command("patch", "-p1", "--force", "--ignore-whitespace", "--reverse", "--dry-run")
+ if err := osutil.Sandbox(cmd, true, true); err != nil {
+ return err
+ }
cmd.Stdin = bytes.NewReader(patch)
cmd.Dir = dir
if _, err := cmd.CombinedOutput(); err == nil {
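Review bot: The patch invocations gain a sandbox but still run through `cmd.CombinedOutput()` with no time bound, whereas every git command now goes through `osutil.Run(timeout, cmd)` in runSandboxed. The patch bytes come from the caller, so a patch process that stalls would block Patch indefinitely. The `osutil.Sandbox(cmd, true, true)` setup with Stdin and Dir is also repeated three times, twice here and once more in the next hunk under "Now apply for real". A helper like the one below would cover all three, provided osutil.Run returns the combined output the error messages rely on (not visible here). Patch starts before and ends after this hunk.

```go
// runPatch runs patch in dir with the given extra flags, sandboxed and time-bounded.
func runPatch(dir string, patch []byte, flags ...string) ([]byte, error) {
	args := append([]string{"-p1", "--force", "--ignore-whitespace"}, flags...)
	cmd := osutil.Command("patch", args...)
	cmd.Stdin = bytes.NewReader(patch)
	cmd.Dir = dir
	if err := osutil.Sandbox(cmd, true, true); err != nil {
		return nil, err
	}
	return osutil.Run(timeout, cmd)
}
```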
@@ -169,6 +172,9 @@ func Patch(dir string, patch []byte) error {
}
// Now apply for real.
cmd = osutil.Command("patch", "-p1", "--force", "--ignore-whitespace")
+ if err := osutil.Sandbox(cmd, true, true); err != nil {
+ return err
+ }
cmd.Stdin = bytes.NewReader(patch)
cmd.Dir = dir
if output, err := cmd.CombinedOutput(); err != nil {
@@ -177,6 +183,15 @@ func Patch(dir string, patch []byte) error {
return nil
}
+func runSandboxed(dir, command string, args ...string) ([]byte, error) {
+ cmd := osutil.Command(command, args...)
+ cmd.Dir = dir
+ if err := osutil.Sandbox(cmd, true, false); err != nil {
+ return nil, err
+ }
+ return osutil.Run(timeout, cmd)
+}
+
// CheckRepoAddress does a best-effort approximate check of a git repo address.
func CheckRepoAddress(repo string) bool {
return gitRepoRe.MatchString(repo)
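Review bot: runSandboxed is added without a doc comment, and its `osutil.Sandbox(cmd, true, false)` call differs from the `true, true` used for patch in Patch with nothing saying what the third argument controls. Since this helper is now the single path for every git invocation in the package, a reader auditing the sandbox needs that stated here. Suggest a comment such as `// runSandboxed runs command in dir under osutil.Sandbox, bounded by the package timeout.` plus a short inline comment naming what each boolean selects and why git gets a different setting than patch.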