Execute spawns inside sandboxes to improve hermeticity (spawns can no longer use non-declared inputs) and safety (spawns can no longer affect the host system, e.g. accidentally wipe your home directory). This implementation works on Linux only and uses Linux containers ("namespaces").

The strategy works with all actions that Bazel supports (C++ / Java compilation, genrules, test execution, Skylark-based rules, ...) and in tests, Bazel could successfully bootstrap itself and pass the whole test suite using sandboxed execution. This is not the default behavior yet, but can be activated explicitly by using: bazel build --genrule_strategy=sandboxed --spawn_strategy=sandboxed //my:stuff -- MOS_MIGRATED_REVID=101457297
author: Philipp Wollermann <philwo@google.com> 2015-08-25 12:52:57 +0000
committer: Lukacs Berki <lberki@google.com> 2015-08-26 07:37:05 +0000
commit: 43c4a1a1452603bfe5e6883626c5ac91ea4e8eb6 (patch)
tree: 257c9f0f924b5b2cf96c208cd53ba4ff40259aca /src/test/java/com/google
parent: 988bb21407c3abf97100d90cff2b823dd594ef30 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/test/java/com/google/devtools/build/lib/testutil/TestConstants.java b/src/test/java/com/google/devtools/build/lib/testutil/TestConstants.java
index 0e4edbc882..7a91f21620 100644
--- a/src/test/java/com/google/devtools/build/lib/testutil/TestConstants.java
+++ b/src/test/java/com/google/devtools/build/lib/testutil/TestConstants.java
@@ -29,6 +29,7 @@ public class TestConstants {
   public static final ImmutableList<String> EMBEDDED_TOOLS = ImmutableList.of(
       "build-runfiles",
       "process-wrapper",
+      "namespace-sandbox",
       "build_interface_so");
 
   /**
author	Philipp Wollermann <philwo@google.com>	2015-08-25 12:52:57 +0000
committer	Lukacs Berki <lberki@google.com>	2015-08-26 07:37:05 +0000
commit	43c4a1a1452603bfe5e6883626c5ac91ea4e8eb6 (patch)
tree	257c9f0f924b5b2cf96c208cd53ba4ff40259aca /src/test/java/com/google
parent	988bb21407c3abf97100d90cff2b823dd594ef30 (diff)