ioi / isolate

Sandbox for securely executing untrusted programs

Cleanup ownership of tmp mount #68

Closed horacekj closed 5 years ago

horacekj commented 5 years ago

After the sandbox quits, there is a tmp directory with the content of the /tmp folder of the sandboxed process. This directory should be chowned back to orig_uid, orig_gid when cleanup_ownership is set (basically the same way as it currently works for the box directory). Nowadays, it is practically impossible for a non-root user to remove the tmp directory, because its owner is the sandbox uid (60000 etc.).

horacekj commented 5 years ago

Btw., a similar problem applies to the root directory; it should probably also be chowned back.

gollux commented 5 years ago

You are expected to use "isolate --cleanup" to remove the whole sandbox. Is there any problem with it?

horacekj commented 5 years ago

I would like to store the result of the sandbox computation including the content of /tmp. So I would like to copy it somewhere else and access it. Is this a bad idea?

gollux commented 5 years ago

So far, I did not consider the content of /tmp to be a part of the public interface of isolate. It is stored in some subdirectory of the sandbox directory, but there is currently no promise on the name of that subdirectory and I am not sure I want to make such a promise for the future versions.

If you want to keep the contents of /tmp, just move them to the current directory inside the sandbox (e.g., by using isolate --run once more).
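
The workflow suggested above (init, run the job, run a second command that copies /tmp into /box, copy out on the host, then --cleanup) written out as an added example. This is not code from isolate or from this thread. It assumes isolate is installed and the caller may run it, that `isolate --init` prints the path of the box directory, that /tmp survives between two `--run` calls of the same box (as stated above), and that the sandboxed job can use /bin/sh and cp. The box id, destination directory, job script and the `tmp-out` directory name are parameters chosen here.

```shell
#!/bin/sh
# Added example (not part of isolate): keep what a sandboxed job left in /tmp
# by routing it through /box, the only directory isolate promises to expose.
# Assumed: isolate is installed and runnable by the caller (it is normally
# setuid root); "tmp-out" is a name chosen for this script.
set -eu

# Run a shell snippet inside box $1; the working directory in the box is /box.
box_sh() {
    isolate -b "$1" --run -- /bin/sh -c "$2"
}

# save_sandbox_tmp BOX_ID DEST JOB_SCRIPT
# Runs JOB_SCRIPT in the box, copies whatever it left in /tmp into /box/tmp-out
# with a second --run, copies that out to DEST on the host, and always cleans
# the box up (the sandbox-uid-owned files are otherwise hard to remove).
# Returns the job's exit status; prints DEST on success.
save_sandbox_tmp() {
    box_id=$1; dest=$2; job=$3
    box=$(isolate -b "$box_id" --init)        # e.g. /var/local/lib/isolate/0/box
    status=0
    box_sh "$box_id" "$job" || status=$?
    if [ "$status" -eq 0 ]; then
        # /tmp is backed by a subdirectory of the sandbox root whose name is
        # not public, so copy it into /box from inside the sandbox instead.
        box_sh "$box_id" 'rm -rf tmp-out && mkdir tmp-out && cp -a /tmp/. tmp-out/' || status=$?
    fi
    if [ "$status" -eq 0 ]; then
        mkdir -p "$dest" && cp -R "$box/tmp-out/." "$dest/" || status=$?
    fi
    isolate -b "$box_id" --cleanup            # remove the whole sandbox, success or not
    [ "$status" -eq 0 ] && printf '%s\n' "$dest"
    return "$status"
}

# usage: ./save_tmp.sh 0 ./result 'echo hello > /tmp/scratch.txt'
if [ $# -eq 3 ]; then
    save_sandbox_tmp "$@"
fi
```

Only the files copied to DEST are kept; the sandbox root, including its tmp subdirectory, is removed by `--cleanup` in every branch, so nothing owned by the sandbox uid is left behind for the caller to delete.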

horacekj commented 5 years ago

Ok.