commit ebdeaf5951a2104f253fabe87c2bb4eb3386d486
author James Kuszmaul <jabukuszmaul@gmail.com> Wed May 22 20:31:25 2019 -0700
committer James Kuszmaul <jabukuszmaul@gmail.com> Wed May 22 20:58:38 2019 -0700
tree ed487ee12e402f6c0b985dcb5628fb56e0212894
parent f6f11340ba582bbb37c88e566caa0a5da6455d7e

Add -fno-canonical-system-headers to improve sandboxing

Without this, gcc sometimes likes to "helpfully" shorten include paths
to absolute paths, which doesn't play nice with Bazel's sandboxing.

Change-Id: I11d63b66682444ed3b63714c73c9f1158c272c35

tools/cpp/CROSSTOOL

diff --git a/tools/cpp/CROSSTOOL b/tools/cpp/CROSSTOOL
index 12d69ec..c7a846f 100644
--- a/tools/cpp/CROSSTOOL
+++ b/tools/cpp/CROSSTOOL
@@ -439,6 +439,16 @@
       }
     }
     flag_set {
+      action: "assemble"
+      action: "preprocess-assemble"
+      action: "c++-compile"
+      action: "c++-header-parsing"
+      action: "c++-header-preprocessing"
+      flag_group {
+        flag: "-fno-canonical-system-headers"
+      }
+    }
+    flag_set {
       action: "c++-compile"
       action: "c++-header-parsing"
       action: "c++-module-compile"

tools/cpp/static_crosstool.pb

diff --git a/tools/cpp/static_crosstool.pb b/tools/cpp/static_crosstool.pb
index 778a70d..5599c15 100644
--- a/tools/cpp/static_crosstool.pb
+++ b/tools/cpp/static_crosstool.pb
@@ -384,6 +384,17 @@
     }
 
     flag_set {
+      action: "assemble"
+      action: "preprocess-assemble"
+      action: "c++-compile"
+      action: "c++-header-parsing"
+      action: "c++-header-preprocessing"
+      flag_group {
+        flag: "-fno-canonical-system-headers"
+      }
+    }
+
+    flag_set {
       action: "c++-compile"
       action: "c++-header-parsing"
       action: "c++-module-compile"