linux-sandbox: Retry remount-ro on EBUSY (https://github.com/bazelbuild/bazel/pull/29433) ### Description MakeFilesystemMostlyReadOnly issues MS_BIND|MS_REMOUNT|MS_RDONLY for every entry in /proc/self/mounts. On busy mounts (notably "/") this races with concurrent symlink path lookups: pick_link() in fs/namei.c calls touch_atime(), which holds the per-mount writer counter via mnt_get_write_access() across the inode update. mnt_hold_writers() in the remount path returns -EBUSY if the counter is non-zero, causing the sandbox setup to die. The race window is short (a single update_time call), so a brief backoff-and-retry resolves it cleanly. Use the same constants runc has shipped since 2014 (5 attempts, 100 ms apart). This is my proposal for https://github.com/bazelbuild/bazel/issues/29424. ### Motivation Fixes https://github.com/bazelbuild/bazel/issues/29424. ### Build API Changes No ### Checklist - [x] I have added tests for the new use cases (if any). - [x] I have updated the documentation (if applicable). ### Release Notes RELNOTES: None Closes #29433. PiperOrigin-RevId: 922094350 Change-Id: I7ff8b1b5ad7992f164b44a6742c4f70cadb18f00
{Fast, Correct} - Choose two
Build and test software of any size, quickly and reliably.
Speed up your builds and tests: Bazel rebuilds only what is necessary. With advanced local and distributed caching, optimized dependency analysis and parallel execution, you get fast and incremental builds.
One tool, multiple languages: Build and test Java, C++, Android, iOS, Go, and a wide variety of other language platforms. Bazel runs on Windows, macOS, and Linux.
Scalable: Bazel helps you scale your organization, codebase, and continuous integration solution. It handles codebases of any size, in multiple repositories or a huge monorepo.
Extensible to your needs: Easily add support for new languages and platforms with Bazel's familiar extension language. Share and re-use language rules written by the growing Bazel community.
To report a security issue, please email security@bazel.build with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.
See CONTRIBUTING.md