This has the nice side-effect of unifying the mount- and
non-mount-changes made due to processMode and securityMode.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Due to use of filepath.Clean(), on Windows we end up operating on the
paths in Windows-slashed form, even if the inputs were Unix-slashed.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Note that this mode allows build executor containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
This mode should be enabled only when the BuildKit is running in a container as an unprivileged user.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Paul "TBBle" Hampson
Akihiro Suda