Add option to enable Docker sandboxing.

RELNOTES: None. PiperOrigin-RevId: 199467128
author: lberki <lberki@google.com> 2018-06-06 08:08:34 -0700
committer: Copybara-Service <copybara-piper@google.com> 2018-06-06 08:10:05 -0700
commit: 4b80f2455e7e49a95f3a4c9102a67a57dad52207 (patch)
tree: 0fd9f4ce795593b2d1b5d5d8fe72e5db98d3ea0d /src/main/java/com/google/devtools/build/lib/sandbox
parent: 188a29a7ae5bd0670661672bbe1739b1f244ca90 (diff)
2 files changed, 38 insertions, 22 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextProvider.java b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextProvider.java
index d6f847b75c..8d04bb5b92 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextProvider.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextProvider.java
@@ -22,6 +22,7 @@ import com.google.devtools.build.lib.actions.ResourceManager;
 import com.google.devtools.build.lib.actions.Spawn;
 import com.google.devtools.build.lib.actions.SpawnResult;
 import com.google.devtools.build.lib.actions.Spawns;
+import com.google.devtools.build.lib.events.Event;
 import com.google.devtools.build.lib.exec.ActionContextProvider;
 import com.google.devtools.build.lib.exec.SpawnRunner;
 import com.google.devtools.build.lib.exec.apple.XcodeLocalEnvProvider;
@@ -71,28 +72,35 @@ final class SandboxActionContextProvider extends ActionContextProvider {
       contexts.add(new ProcessWrapperSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
     }
 
-    // This strategy uses Docker to execute spawns. It should work on all platforms that support
-    // Docker.
-    getPathToDockerClient(cmdEnv)
-        .ifPresent(
-            dockerClient -> {
-              if (DockerSandboxedSpawnRunner.isSupported(cmdEnv, dockerClient)) {
-                String defaultImage = options.getOptions(SandboxOptions.class).dockerImage;
-                boolean useCustomizedImages =
-                    options.getOptions(SandboxOptions.class).dockerUseCustomizedImages;
-                SpawnRunner spawnRunner =
-                    withFallback(
-                        cmdEnv,
-                        new DockerSandboxedSpawnRunner(
-                            cmdEnv,
-                            dockerClient,
-                            sandboxBase,
-                            defaultImage,
-                            timeoutKillDelay,
-                            useCustomizedImages));
-                contexts.add(new DockerSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
-              }
-            });
+    SandboxOptions sandboxOptions = options.getOptions(SandboxOptions.class);
+
+    if (sandboxOptions.enableDockerSandbox) {
+      // This strategy uses Docker to execute spawns. It should work on all platforms that support
+      // Docker.
+      getPathToDockerClient(cmdEnv)
+          .ifPresent(
+              dockerClient -> {
+                if (DockerSandboxedSpawnRunner.isSupported(cmdEnv, dockerClient)) {
+                  String defaultImage = sandboxOptions.dockerImage;
+                  boolean useCustomizedImages = sandboxOptions.dockerUseCustomizedImages;
+                  SpawnRunner spawnRunner =
+                      withFallback(
+                          cmdEnv,
+                          new DockerSandboxedSpawnRunner(
+                              cmdEnv,
+                              dockerClient,
+                              sandboxBase,
+                              defaultImage,
+                              timeoutKillDelay,
+                              useCustomizedImages));
+                  contexts.add(new DockerSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
+                }
+              });
+    } else if (sandboxOptions.dockerVerbose) {
+      cmdEnv.getReporter().handle(Event.info(
+          "Docker sandboxing disabled. Use the '--experimental_enable_docker_sandbox' command "
+          + "line option to enable it"));
+    }
 
     // This is the preferred sandboxing strategy on Linux.
     if (LinuxSandboxedSpawnRunner.isSupported(cmdEnv)) {
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java
index 6025944627..d8ec1813ed 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/SandboxOptions.java
@@ -219,6 +219,14 @@ public class SandboxOptions extends OptionsBase {
   public boolean collectLocalSandboxExecutionStatistics;
 
   @Option(
+    name = "experimental_enable_docker_sandbox",
+    defaultValue = "false",
+    documentationCategory = OptionDocumentationCategory.EXECUTION_STRATEGY,
+    effectTags = {OptionEffectTag.EXECUTION},
+    help = "Enable Docker-based sandboxing. This option has no effect if Docker is not installed.")
+  public boolean enableDockerSandbox;
+
+  @Option(
     name = "experimental_docker_image",
     defaultValue = "",
     documentationCategory = OptionDocumentationCategory.EXECUTION_STRATEGY,
author	lberki <lberki@google.com>	2018-06-06 08:08:34 -0700
committer	Copybara-Service <copybara-piper@google.com>	2018-06-06 08:10:05 -0700
commit	4b80f2455e7e49a95f3a4c9102a67a57dad52207 (patch)
tree	0fd9f4ce795593b2d1b5d5d8fe72e5db98d3ea0d /src/main/java/com/google/devtools/build/lib/sandbox
parent	188a29a7ae5bd0670661672bbe1739b1f244ca90 (diff)