Build ACL from source#197
Open
nradakovic wants to merge 2 commits into
Open
Conversation
|
The created documentation from the pull request is available at: docu-html |
nradakovic
force-pushed
the
nira_add_acl
branch
2 times, most recently
from
77b186d to
351ef77
Compare
The PR provides patch for building ACL from release.
The acl_to_text() wrapper previously forwarded nullptr ACL handles
directly into libacl. Under ASan/UBSan builds this triggered
undefined behavior inside libacl internals before the library
returned an error condition.
Add explicit parameter validation in the wrapper and return EINVAL
for invalid ACL inputs before invoking libacl.
The related test was updated to validate the wrapper contract
directly by passing nullptr instead of relying on acl_get_file("")
to indirectly produce an invalid ACL handle.
This change improves defensive behavior for invalid input handling
and avoids sanitizer failures caused by passing invalid pointers
into third-party C library internals.
Member
Author
|
@4og Here is the temp solution until we do not get dedicated modules for ACL and ATTR. As you can see I had to change ACL wrapper where I pass now nullptr (not waiting acl_get_file("") to produce an invalid ACL handle). If the solution is not good, feel free to provide better one. |
There was a problem hiding this comment.
Pull request overview
This PR switches the Linux ACL dependency from prebuilt Debian packages to building from upstream release source tarballs via http_archive, adding a companion attr build since ACL depends on it. It also tightens the OS wrapper behavior around acl_to_text() invalid inputs and adjusts the corresponding unit test.
Changes:
- Replace Debian-based ACL fetching with
http_archivebuilds foraclandattr, including Bazel BUILD files and patching needed headers/config. - Update the
//third_party/acland//third_party/attraliases to point at the new@bazel_acl/@bazel_attrrepos. - Add explicit invalid-parameter handling in
AclInstance::acl_to_text()and update the unit test accordingly.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| third_party/attr/BUILD | Adds a repo-local alias target for the external attr archive. |
| third_party/attr/attr.BUILD | Defines how to build the attr library from source under Bazel. |
| third_party/attr/attr.patch | Adds a Bazel-provided Linux config.h for attr. |
| third_party/acl/BUILD | Switches the ACL alias to the new external @bazel_acl build. |
| third_party/acl/acl.BUILD | Defines how to build the acl library from source and link against attr. |
| third_party/acl/acl.patch | Adds Linux config.h and small include fixes needed for building from source. |
| MODULE.bazel | Removes Debian ACL downloads and adds http_archive definitions for attr + acl. |
| score/os/acl_impl.cpp | Adds null-argument validation to the acl_to_text() wrapper. |
| score/os/test/acl_test.cpp | Updates a unit test to use a deterministic invalid-input case for acl_to_text(). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+403
to
+407
| if ((acl == nullptr) || (len_p == nullptr)) | ||
| { | ||
| errno = EINVAL; | ||
| return score::cpp::make_unexpected(score::os::Error::createFromErrno()); | ||
| } |
Comment on lines
248
to
253
| ssize_t len{0}; | ||
| auto res = unit_.acl_to_text(result, &len); | ||
| ASSERT_FALSE(res.has_value()); | ||
|
|
||
| ::acl_free(result); | ||
| auto res = unit_.acl_to_text(nullptr, &len); | ||
|
|
||
| ASSERT_FALSE(res.has_value()); | ||
| } |
Comment on lines
+29
to
+38
| cc_library( | ||
| name = "acl_h", | ||
| hdrs = ["include/acl.h"], | ||
| copts = [ | ||
| '-DEXPORT=__attribute__((visibility("default"))) extern', | ||
| ], | ||
| include_prefix = "sys", | ||
| includes = ["include"], | ||
| strip_include_prefix = "include", | ||
| ) |
Comment on lines
+174
to
+190
| http_archive( | ||
| name = "bazel_attr", | ||
| build_file = "//third_party/attr:attr.BUILD", | ||
| patch_args = ["-p1"], | ||
| patches = ["//third_party/attr:attr.patch"], | ||
| strip_prefix = "attr-2.5.2", | ||
| urls = ["https://download.savannah.gnu.org/releases/attr/attr-2.5.2.tar.gz"], | ||
| ) | ||
|
|
||
| http_archive( | ||
| name = "bazel_acl", | ||
| build_file = "//third_party/acl:acl.BUILD", | ||
| patch_args = ["-p1"], | ||
| patches = ["//third_party/acl:acl.patch"], | ||
| strip_prefix = "acl-2.3.2", | ||
| urls = ["https://download.savannah.gnu.org/releases/acl/acl-2.3.2.tar.gz"], | ||
| ) |
Comment on lines
+49
to
+54
| +/* Linux behavior */ | ||
| +#define HAVE_VISIBILITY_ATTRIBUTE 1 | ||
| +#define EXPORT __attribute__ ((visibility ("default"))) extern | ||
| + | ||
| +#endif /* ATTR_CONFIG_H */ | ||
| \ No newline at end of file |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The PR provides patch for building ACL from release.