linux-sandbox: Retry remount-ro on EBUSY (https://github.com/bazelbuild/bazel/pull/29433)

### Description
MakeFilesystemMostlyReadOnly issues MS_BIND|MS_REMOUNT|MS_RDONLY for every entry in /proc/self/mounts. On busy mounts (notably "/") this races with concurrent symlink path lookups: pick_link() in fs/namei.c calls touch_atime(), which holds the per-mount writer counter via mnt_get_write_access() across the inode update. mnt_hold_writers() in the remount path returns -EBUSY if the counter is non-zero, causing the sandbox setup to die.

The race window is short (a single update_time call), so a brief backoff-and-retry resolves it cleanly. Use the same constants runc has shipped since 2014 (5 attempts, 100 ms apart).

This is my proposal for https://github.com/bazelbuild/bazel/issues/29424.

### Motivation
Fixes https://github.com/bazelbuild/bazel/issues/29424.

### Build API Changes
No

### Checklist

- [x] I have added tests for the new use cases (if any).
- [x] I have updated the documentation (if applicable).

### Release Notes

RELNOTES: None

Closes #29433.

PiperOrigin-RevId: 922094350
Change-Id: I7ff8b1b5ad7992f164b44a6742c4f70cadb18f00
1 file changed
tree: e26c90c2389ee21495a235acf3f5553a1c36718e
  1. .bazelci/
  2. .devcontainer/
  3. .gemini/
  4. .github/
  5. docs/
  6. examples/
  7. scripts/
  8. site/
  9. src/
  10. third_party/
  11. tools/
  12. .bazelrc
  13. .bazelversion
  14. .gitattributes
  15. .gitignore
  16. AGENTS.md
  17. AUTHORS
  18. bazel_downloader.cfg
  19. BUILD
  20. CHANGELOG.md
  21. CODE_OF_CONDUCT.md
  22. CODEOWNERS
  23. combine_distfiles.py
  24. combine_distfiles_to_tar.sh
  25. compile.sh
  26. CONTRIBUTING.md
  27. CONTRIBUTORS
  28. distdir.bzl
  29. extensions.bzl
  30. LICENSE
  31. maven_install.json
  32. MODULE.bazel
  33. MODULE.bazel.lock
  34. oneversion_allowlist.csv
  35. oneversion_allowlist_for_tests.csv
  36. pyproject.toml
  37. README.md
  38. repositories.bzl
  39. requirements.txt
  40. SECURITY.md
README.md

Bazel

{Fast, Correct} - Choose two

Build and test software of any size, quickly and reliably.

  • Speed up your builds and tests: Bazel rebuilds only what is necessary. With advanced local and distributed caching, optimized dependency analysis and parallel execution, you get fast and incremental builds.

  • One tool, multiple languages: Build and test Java, C++, Android, iOS, Go, and a wide variety of other language platforms. Bazel runs on Windows, macOS, and Linux.

  • Scalable: Bazel helps you scale your organization, codebase, and continuous integration solution. It handles codebases of any size, in multiple repositories or a huge monorepo.

  • Extensible to your needs: Easily add support for new languages and platforms with Bazel's familiar extension language. Share and re-use language rules written by the growing Bazel community.

Getting Started

Documentation

Reporting a Vulnerability

To report a security issue, please email security@bazel.build with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Contributing to Bazel

See CONTRIBUTING.md

Build status