[clang] [llvm] [llvm][clang] Sandbox filesystem reads (PR #165350)
Ben Langmuir via llvm-commits
llvm-commits at lists.llvm.org
Thu Nov 6 15:10:03 PST 2025
================
@@ -111,10 +118,16 @@ class CrossProcessModuleCache : public ModuleCache {
std::unique_ptr<llvm::AdvisoryLock>
getLock(StringRef ModuleFilename) override {
+ // This is a compiler-internal input/output, let's bypass the sandbox.
+ auto BypassSandbox = llvm::sys::sandbox::scopedDisable();
----------------
benlangmuir wrote:
What's the rationale for the constructor needing you to disable the sandbox but not the destructor or lock calls, which all involve I/O? We don't support lock files in the VFS in general, so maybe we should just do this in the constructor for lock files as well?
https://github.com/llvm/llvm-project/pull/165350
More information about the llvm-commits
mailing list