Skip to content

Move output base somewhere under the user's home directory #11100

New issue
New issue
Closed as not planned
Closed as not planned
Move output base somewhere under the user's home directory#11100
Labels
P2We'll consider working on this in future. (Assignee optional)staleIssues or PRs that are stale (no activity for 30 days)team-Local-ExecIssues and PRs for the Execution (Local) teamtype: bug
@jsharpe

Description

@jsharpe
jsharpe
opened on Apr 8, 2020

Description of the problem / feature request:

The permissions on the directory created by the sandbox_base option are world readable by default. When this is set to /dev/shm on a shared user system this exposes the build files to all users during the build.

Feature requests: what underlying problem are you trying to solve with this feature?

Remove world readable permissions from the directory created by sandbox_base

Bugs: what's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.

bazel build //... --sandbox_base=/dev/shm
Observe permissions on sandbox directory in /dev/shm are world readable

What operating system are you running Bazel on?

centos 7

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2We'll consider working on this in future. (Assignee optional)staleIssues or PRs that are stale (no activity for 30 days)team-Local-ExecIssues and PRs for the Execution (Local) teamtype: bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions