Commit ecb377f

authored

Rollup merge of #145885 - madsmtm:lldb-inherit-tcc, r=Kobzol

Inherit TCC in debuginfo tests on macOS macOS has a system for propagating folder permissions, which LLDB disables when spawning processes, which in turn causes debuginfo tests to spam the user with repeated pop-ups asking for permissions. See the code comment for details, as well as the following video for an example of how this looks in practice: https://github.com/user-attachments/assets/1e54f5b8-9130-4b59-8e92-1db1e58fb361 I stumbled upon the incantation to fix this (`settings set target.inherit-tcc true`) while investigating slowdowns when spawning newly created binaries due to XprotectService, see [this Zulip thread](https://rust-lang.zulipchat.com/#narrow/channel/246057-t-cargo/topic/build.20scripts.20slow.20on.20macOS.3F). This would allow me to no longer have a `build.build-dir = "/Users/madsmtm/rust-build"` workaround in my `bootstrap.toml`.

2 parents 693d5ea + a898f76 commit ecb377fCopy full SHA for ecb377f

File tree

1 file changed

+29

-0

lines changed

src/tools/compiletest/src/runtest
- debuginfo.rs

1 file changed

+29

-0

lines changed

`‎src/tools/compiletest/src/runtest/debuginfo.rs`

Lines changed: 29 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -395,6 +395,35 @@ impl TestCx<'_> {`
`395`	`395`	// We don't want to hang when calling `quit` while the process is still running
`396`	`396`	`let mut script_str = String::from("settings set auto-confirm true\n");`
`397`	`397`
	`398`	`+ // macOS has a system for restricting access to files and peripherals`
	`399`	`+ // called Transparency, Consent, and Control (TCC), which can be`
	`400`	`+ // configured using the "Security & Privacy" tab in your settings.`
	`401`	`+ //`
	`402`	`+ // This system is provenance-based: if Terminal.app is given access to`
	`403`	`+ // your Desktop, and you launch a binary within Terminal.app, the new`
	`404`	`+ // binary also has access to the files on your Desktop.`
	`405`	`+ //`
	`406`	`+ // By default though, LLDB launches binaries in very isolated`
	`407`	`+ // contexts. This includes resetting any TCC grants that might`
	`408`	`+ // otherwise have been inherited.`
	`409`	`+ //`
	`410`	`+ // In effect, this means that if the developer has placed the rust`
	`411`	`+ // repository under one of the system-protected folders, they will get`
	`412`	`+ // a pop-up _for each binary_ asking for permissions to access the`
	`413`	`+ // folder - quite annoying.`
	`414`	`+ //`
	`415`	`+ // To avoid this, we tell LLDB to spawn processes with TCC grants`
	`416`	`+ // inherited from the parent process.`
	`417`	`+ //`
	`418`	`+ // Setting this also avoids unnecessary overhead from XprotectService`
	`419`	`+ // when running with the Developer Tool grant.`
	`420`	`+ //`
	`421`	+ // TIP: If you want to allow launching `lldb ~/Desktop/my_binary`
	`422`	+ // without being prompted, you can put this in your `~/.lldbinit` too.
	`423`	`+ if self.config.host.contains("darwin") {`
	`424`	`+ script_str.push_str("settings set target.inherit-tcc true\n");`
	`425`	`+ }`
	`426`	`+`
`398`	`427`	`// Make LLDB emit its version, so we have it documented in the test output`
`399`	`428`	`script_str.push_str("version\n");`
`400`	`429`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit ecb377f

File tree

1 file changed

1 file changed

`‎src/tools/compiletest/src/runtest/debuginfo.rs`

0 commit comments