Packages with macros can't be built with `sandbox-exec`

[jpsim]

Description

Historically it's been possible to build a Swift package using swift build in a sandbox-exec invocation by passing --disable-sandbox to avoid having nested sandboxes.

For example:

$ git clone https://github.com/jpsim/Yams.git
$ cd Yams
$ sandbox-exec -p '(version 1)(allow default)' swift build --disable-sandbox
Building for debugging...
warning: Will not do cross-module incremental builds, wrong version of priors; expected 1.4.0 but read 1.3.0 at '/Users/jp/src/Yams/.build/arm64-apple-macosx/debug/Yams.build/master.priors'
[22/22] Compiling Yams Encoder.swift
Build complete! (6.62s)

However, if a Swift package is using Swift macros (or other kinds of user-defined compiler plugins), an inner sandbox is unconditionally applied, ignoring the --disable-sandbox SwiftPM flag: https://github.com/apple/swift/blob/ea95594ae137f288bf29a0b489b8689680a0086a/lib/AST/PluginRegistry.cpp#L146C1-L148

// Apply sandboxing.
llvm::BumpPtrAllocator Allocator;
Sandbox::apply(command, Allocator);

This causes Swift packages that use macros to violate the sandbox rules by using nested sandboxes, and therefore macros can't be spawned.

For example:

$ git clone https://github.com/alvmo/HexColors.git
$ cd HexColors
$ sandbox-exec -p '(version 1)(allow default)' swift build --disable-sandbox
...
Building for debugging...
sandbox-exec: sandbox_apply: Operation not permitted
<unknown>:0: warning: compiler plugin not loaded: '/src/HexColors/.build/arm64-apple-macosx/debug/HexColorsMacros; failed to initialize
/src/HexColors/Sources/HexColors/HexColors.swift:7:14: warning: external macro implementation type 'HexColorsMacros.ColorHexMacro' could not be found for macro 'color'
public macro color(_ stringLiteral: StringLiteralType ) -> Color = #externalMacro(module: "HexColorsMacros", type: "ColorHexMacro")
             ^
...

Concretely, this is preventing Swift tools that use Swift macros from being made available through Homebrew because their validation pipeline builds formulas in a sandboxed environment. For example: Homebrew/homebrew-core#153931

This issue was also filed using Feedback Assistant as FB13373741.

Expected behavior

Swift packages using macros should be buildable in a sandboxed environment.

One way to achieve that is to pass SwiftPM's --disable-sandbox flag down to Swift's LoadedExecutablePlugin::spawnIfNeeded() to avoid applying the sandbox if that flag is set.

If you can suggest a workaround to support this in the currently shipping version of Swift 5.9 that would be greatly appreciated.

Actual behavior

Swift packages using macros cannot be built in a sandboxed environment.

Steps to reproduce

1. git clone https://github.com/alvmo/HexColors.git
2. cd HexColors
3. sandbox-exec -p '(version 1)(allow default)' swift build --disable-sandbox

Swift Package Manager version/commit hash

Swift Package Manager - Swift 5.9.0

Swift & OS version (output of swift --version ; uname -a)

swift-driver version: 1.87.1 Apple Swift version 5.9 (swiftlang-5.9.0.128.108 clang-1500.0.40.1)
Target: arm64-apple-macosx13.0

[tomerd]

@neonichu is this on SwiftPM side on the compiler side?

[neonichu]

Might be both, it sounds like currently there's no driver-level option to disable sandboxing. We would need that and then I would think SwiftPM would pass that option when invoking the driver if --disable-sandbox was passed to it.

[neonichu]

This should be fixed by #7167

[jpsim]

Thanks @rintaro and @neonichu !