commit | e0f5576d5b5cd2a4a62d5c17396147e7c62441b3 | [log] [tgz] |
---|---|---|
author | Marc-Antoine Ruel <maruel@google.com> | Mon May 01 13:29:41 2023 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon May 01 13:29:41 2023 +0000 |
tree | 1f10a7d4db60f7307f58682c4b707964a3e318e8 | |
parent | 6f8419b519304decd71552a35d521a4947da35c5 [diff] |
[sandbox] Lock between writing nsjail and fork+exec There's a concurrency bug that exhibits during unit tests with high parallelism. Use a RWMutex so no fork+exec is done while writing a nsjail file. We can get rid of the lock once we reimplement the needed part of nsjail in Go. Note that since it uses a RWMutex, perf impact on normal usage is miminal, concurrent fork+exec is still allowed and nsjail is written only once during normal "shac check" execution. Change-Id: Ia476722d91005ac6bff0c17b93f2123723538230 Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/843736 Reviewed-by: Oliver Newman <olivernewman@google.com> Fuchsia-Auto-Submit: Marc-Antoine Ruel <maruel@google.com> Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
Scalable Hermetic Analysis and Checks.
go install go.fuchsia.dev/shac-project/shac@latest shac check shac doc shac.star | less
⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.
See CONTRIBUTING.md to submit changes.