Fix ssh/scp/rsync sandboxing Change-Id: I1e94c028fafa78d4792a50790a76ab32bc4e10b2 Signed-off-by: James Kuszmaul <jabukuszmaul+collab@gmail.com>

commit: c6ea63a3b508e57b0b22fa7f4632aba7aab892d1 [log] [tgz]
author: James Kuszmaul <jabukuszmaul+collab@gmail.com> Wed Sep 06 20:36:46 2023 -0700
committer: James Kuszmaul <jabukuszmaul+collab@gmail.com> Wed Sep 06 21:13:48 2023 -0700
tree: cecb43e2417a1f257a525249e23ec054f8387b0e
parent: edebe941c2662421013f66e3b2fb886538e14cd7 [diff] [blame]
diff --git a/debian/rsync.BUILD b/debian/rsync.BUILD
index 4fe45b1..d761ace 100644
--- a/debian/rsync.BUILD
+++ b/debian/rsync.BUILD

@@ -1,5 +1,26 @@
-filegroup(
+genrule(
+    name = "copy_rsync_wrapper",
+    srcs = ["@//debian:rsync_wrapper.sh"],
+    outs = ["rsync_wrapper.sh"],
+    cmd = "cp $< $@",
+)
+
+sh_binary(
     name = "rsync",
-    srcs = ["usr/bin/rsync"],
+    srcs = [
+        "rsync_wrapper.sh",
+    ],
+    data = [
+        "usr/bin/rsync",
+        ":libs",
+        "@bazel_tools//tools/bash/runfiles",
+    ],
     visibility = ["//visibility:public"],
 )
+
+filegroup(
+    name = "libs",
+    srcs = glob([
+        "usr/lib/x86_64-linux-gnu/**",
+    ]),
+)
commit	c6ea63a3b508e57b0b22fa7f4632aba7aab892d1	[log] [tgz]
author	James Kuszmaul <jabukuszmaul+collab@gmail.com>	Wed Sep 06 20:36:46 2023 -0700
committer	James Kuszmaul <jabukuszmaul+collab@gmail.com>	Wed Sep 06 21:13:48 2023 -0700
tree	cecb43e2417a1f257a525249e23ec054f8387b0e
parent	edebe941c2662421013f66e3b2fb886538e14cd7 [diff] [blame]