As reported in #18306 and mostly addressed in #18327, files in the sandbox bind mount may end up owned by root on Linux. To ensure that they can still be captured, #18327 made them readable, but they will not be able to be removed.
To avoid this problem, we might need to create a user in the container to chown them to. Alternatively, it's possible that a variant of the strategy originally employed by #18225 (tar-pipes) could be used to capture outputs as well, so that we skipped the bind mount entirely.
As reported in #18306 and mostly addressed in #18327, files in the sandbox bind mount may end up owned by root on Linux. To ensure that they can still be captured, #18327 made them readable, but they will not be able to be removed.
To avoid this problem, we might need to create a user in the container to chown them to. Alternatively, it's possible that a variant of the strategy originally employed by #18225 (tar-pipes) could be used to capture outputs as well, so that we skipped the bind mount entirely.