users are aware of the security risks detailed here and that they are going to
be practically running code provided by other users. Currently there are no good
ways to detect malicious models/graphs/checkpoints, so the recommended way to
mitigate the risk in this scenario is to sandbox the model execution.

### Hardware attacks

# limitations under the License.
# ==============================================================================

setup_file() {
    bazel version  # Start the bazel server

    # Fixes "fatal: detected dubious ownership in repository" for Docker.
    git config --system --add safe.directory '*'
    git config --system protocol.file.allow always

    # Note that you could generate a list of all the affected targets with e.g.:

      TF_GUARDED_BY(mu);

  // The keys of this map are all the active sessions using this graph. Each
  // value records whether the graph has been mutated since the corresponding
  // session has been run (this is detected in RecordMutation function). If the
  // string is empty, no mutation has occurred. Otherwise the string is a
  // description of the mutation suitable for returning to the user.
  //

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================
#
# Re-direct all links in $1 that are relative to be canonical

BASE="$1"
find "${BASE}" -type l | \
  while read l ; do
    if [[ "$(readlink "$l")" == \.\./* ]]; then
      CANONICAL="$(readlink "$l")";
      rm "$l";