diff options
author | Philipp Wollermann <philwo@google.com> | 2015-12-10 11:16:42 +0000 |
---|---|---|
committer | Lukacs Berki <lberki@google.com> | 2015-12-10 12:41:39 +0000 |
commit | d4b78d0f7c2d3e6714f82538eca30e2414e97fdc (patch) | |
tree | 00f4764863a150c3b068c41a054915fb5af6754a /site | |
parent | 0a2aef64e85e636681d18fd9b249dfae72cbe4a4 (diff) |
Further improve sandbox documentation.
--
MOS_MIGRATED_REVID=109881691
Diffstat (limited to 'site')
-rw-r--r-- | site/docs/bazel-user-manual.html | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/site/docs/bazel-user-manual.html b/site/docs/bazel-user-manual.html index 5ebca69c56..62261d6881 100644 --- a/site/docs/bazel-user-manual.html +++ b/site/docs/bazel-user-manual.html @@ -844,18 +844,20 @@ $ bazel fetch //... </p> <p> - On some platform such as <a href="https://cloud.google.com/container-engine/">GKE</a> - cluster nodes, namespace are deactivated using the <code>kernel.unprivileged_userns_clone</code> - sysctl. This can be checked by looking at the file - <code>/proc/sys/kernel/unprivileged_userns_clone</code>: if it exists and set to 0, then - namespace can be activated with <code>sudo sysctl kernel.unprivileged_userns_clone=1</code>. + On some platforms such as <a href="https://cloud.google.com/container-engine/">Google Container + Engine</a> cluster nodes or Debian, user namespaces are deactivated by default due to security + concerns. This can be checked by looking at the file + <code>/proc/sys/kernel/unprivileged_userns_clone</code>: if it exists and contains a 0, then + user namespaces can be activated with <code>sudo sysctl kernel.unprivileged_userns_clone=1</code>. </p> <p> - In some cases, Bazel sandbox fails to execute rules because of the system setup. The symptom is - generally a failure that output a message similar to + In some cases, the Bazel sandbox fails to execute rules because of the system setup. The symptom + is generally a failure that output a message similar to <code>namespace-sandbox.c:633: execvp(argv[0], argv): No such file or directory</code>. In that - case, try to deactivate the sandbox for genrule with <code>--genrule_strategy=standalone</code> - and for other rules with <code>--spawn_strategy=standalone</code>. + case, try to deactivate the sandbox for genrules with <code>--genrule_strategy=standalone</code> + and for other rules with <code>--spawn_strategy=standalone</code>. Also please report a bug on our + issue tracker and mention which Linux distribution you're using so that we can investigate and + provide a fix in a subsequent release. </p> <p> |