Closed horacekj closed 5 years ago
Btw. the similar problem applies for a root directory, it should probably also be chowned back.
You are expected to use "isolate --cleanup" to remove the whole sandbox. Is there any problem with it?
I would like to store the result of the sandbox computation including the content of /tmp. So I would like to copy it somewhere else and access it. Is this a bad idea?
So far, I did not consider the content of /tmp to be a part of the public interface of isolate. It is stored in some subdirectory of the sandbox directory, but there is currently no promise on the name of that subdirectory and I am not sure I want to make such a promise for the future versions.
If you want to keep contents of /tmp, just move it to the current directory inside the sandbox (e.g., by using isolate --run once more).
Ok.
After the sandbox quits, there is a tmp directory with content of the /tmp folder in the sandboxed process. This directory should be chowned back to orig_uid, orig_gid when cleanup_ownership is set (basically the same way as it currently works for a box directory). Nowadays, it is practically impossible to remove tmp directory by non-root user, because the owner is the sandboxed-uid (60000 etc.).