Add config to enable as-nobody wrapper for non-persistent worker actions#13
Open
added 2 commits
March 13, 2026 10:47
We want to enable as-nobody for normal actions to prevent them from writing to read-only input files that are shared via symlinks between actions. However, buildfarm does not set file ownership on persistent worker exec roots, so running them as nobody would break output writes. Since persistent workers copy their inputs rather than symlinking them, this is not a concern. Add alwaysUseAsNobodyExceptPersistentWorkers config option to enable as-nobody for all actions except those running on persistent workers.
a252a3b to ed1223a
The first commit is a revert of most of #10 while keeping c315cfa and 4a7f2bd.
In the second commit I added a new `alwaysUseAsNobodyExceptPersistentWorkers` config option that enables the as-nobody wrapper for all actions except those running on persistent workers. Normal actions need as-nobody to prevent them from writing to read-only input files that are shared via symlinks between actions. Persistent workers are excluded because buildfarm doesn't set file ownership on their exec roots as the execOwners, so running them as nobody would break output writes. Since persistent workers copy their inputs rather than symlinking them, the symlink write protection that as-nobody provides is not relevant to them.
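An added example, not code from this PR or from buildfarm: a Python audit that lists exec-root inputs that are symlinks to files outside the root and that a given uid could still modify, which is the exposure the description attributes to symlink-shared inputs. The store and exec-root layout, the file names and the function names are constructed assumptions.

```python
import os
import stat
import tempfile


def can_modify(st, uid, gids):
    """True if a process with this uid/gids could change the file's contents."""
    if uid == 0 or st.st_uid == uid:
        return True  # root, or the owner, who can chmod a 0444 file writable again
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def exposed_shared_inputs(exec_root, uid, gids):
    """File symlinks under exec_root that point outside it at a file uid can modify."""
    root = os.path.realpath(exec_root)
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            target = os.path.realpath(path)
            if not os.path.islink(path) or not os.path.exists(target):
                continue  # copied input (private to this root) or dangling link
            if os.path.commonpath([root, target]) == root:
                continue  # link stays inside the exec root
            if can_modify(os.stat(target), uid, gids):
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def build_sample():
    """Constructed layout: shared store, exec root with one symlinked and one copied input."""
    base = tempfile.mkdtemp()
    store = os.path.join(base, "store")
    root = os.path.join(base, "execroot")
    os.makedirs(store)
    os.makedirs(root)
    shared = os.path.join(store, "lib.h")
    with open(shared, "w") as f:
        f.write("shared input\n")
    os.chmod(shared, 0o444)  # "read-only" by mode bits only
    os.symlink(shared, os.path.join(root, "lib.h"))
    with open(os.path.join(root, "copied.h"), "w") as f:
        f.write("private copy\n")
    return root, shared
```

Only file symlinks are checked; a symlinked directory would need the same test applied to its contents.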