[clang] [clang] Bypass FS sandbox during Linux distro detection (PR #175201)
Jan Svoboda via cfe-commits
cfe-commits at lists.llvm.org
Fri Jan 9 09:05:00 PST 2026
https://github.com/jansvoboda11 created https://github.com/llvm/llvm-project/pull/175201
There's some logic in Linux distro detection that relies on the VFS being the real FS. This check is implemented such that it violates the IO sandbox. This PR implements narrow sandbox disablement for this specific check.
>From ba7172235a26727947caa82ad77f2de7bb3d315d Mon Sep 17 00:00:00 2001
From: Jan Svoboda <jan_svoboda at apple.com>
Date: Fri, 9 Jan 2026 09:03:54 -0800
Subject: [PATCH] [clang] Bypass FS sandbox during Linux distro detection
There's some logic in Linux distro detection that relies on the VFS being the real FS. This check is implemented such that it violates the IO sandbox. This PR implements narrow sandbox disablement for this specific check.
---
clang/lib/Driver/Distro.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/clang/lib/Driver/Distro.cpp b/clang/lib/Driver/Distro.cpp
index df10458d092d6..3c335891f9971 100644
--- a/clang/lib/Driver/Distro.cpp
+++ b/clang/lib/Driver/Distro.cpp
@@ -11,6 +11,7 @@
#include "llvm/ADT/StringRef.h"
#include "llvm/ADT/StringSwitch.h"
#include "llvm/Support/ErrorOr.h"
+#include "llvm/Support/IOSandbox.h"
#include "llvm/Support/MemoryBuffer.h"
#include "llvm/Support/Threading.h"
#include "llvm/TargetParser/Host.h"
@@ -211,7 +212,10 @@ static Distro::DistroType GetDistro(llvm::vfs::FileSystem &VFS,
return Distro::UnknownDistro;
// True if we're backed by a real file system.
- const bool onRealFS = (llvm::vfs::getRealFileSystem() == &VFS);
+ const bool onRealFS = [&] {
+ auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
+ return llvm::vfs::getRealFileSystem() == &VFS;
+ }();
// If the host is not running Linux, and we're backed by a real file
// system, no need to check the distro. This is the case where someone
More information about the cfe-commits
mailing list