aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/main/java/com/google/devtools/build/lib/sandbox
Commit message (Collapse)AuthorAge
* Fix up exception declarations; use EnvironmentalExecException.Gravatar Ulf Adams2015-12-04
| | | | | -- MOS_MIGRATED_REVID=109404922
* Reorganize BUILD files.Gravatar Han-Wen Nienhuys2015-11-30
| | | | | -- MOS_MIGRATED_REVID=108985661
* Mount /sbin into the sandbox.Gravatar Brian Silverman2015-11-25
| | | | | | | | | | This is necessary to be able to verify that the network sandbox is active using ifconfig, for example. -- Change-Id: Ia3ea16e18cf1d280f31870c867e56336bb48e7bd Reviewed-on: https://bazel-review.git.corp.google.com/#/c/2361 MOS_MIGRATED_REVID=108685498
* Speed up & deflake bazel_sandboxing_cpp_test (and probably other shell tests).Gravatar Philipp Wollermann2015-11-12
| | | | | | | The "clean" command that is run after each shell test finishes (in the tear_down method of test-setup.sh) tries to remove all subdirectories of the output base. This includes the bazel-sandboxes directory. This, however is already being cleaned up continuously in the background by a thread pool setup in SandboxModule. By waiting for the pool to finish before the clean command runs, the race condition can be solved. -- MOS_MIGRATED_REVID=107578302
* Hook up the network sandboxing codeGravatar Brian Silverman2015-11-05
| | | | | | | | | | RELNOTES: Tests, genrules, and Skylark actions without the "requires-network" tag will no longer be able to access the network. -- Change-Id: I6f7ad209142c6cfa2ad0318adf3dcfbc9af3d724 Reviewed-on: https://bazel-review.git.corp.google.com/#/c/2221/ MOS_MIGRATED_REVID=107043709
* Split off more BUILD files.Gravatar Han-Wen Nienhuys2015-10-28
| | | | | -- MOS_MIGRATED_REVID=106493557
* Separate BUILD file for options and docgen.Gravatar Han-Wen Nienhuys2015-10-16
| | | | | -- MOS_MIGRATED_REVID=105511114
* Split off 2 BUILD files.Gravatar Han-Wen Nienhuys2015-10-13
| | | | | -- MOS_MIGRATED_REVID=105301167
* Make the sandbox handle an arbitrary number of argumentsGravatar Brian Silverman2015-10-13
| | | | | | | | | | I was hitting argument length restrictions when trying to run rules which take 2 GCC installs and a Clang install as inputs. -- Change-Id: Iee27bb6fb50fe94bff4b2500bbcfa9381b05d63d Reviewed-on: https://bazel-review.googlesource.com/#/c/2090 MOS_MIGRATED_REVID=105300670
* Add support for filesets in LinuxSandboxedStrategy.Gravatar Philipp Wollermann2015-10-09
| | | | | -- MOS_MIGRATED_REVID=105052078
* sandbox: Push creation of needed empty directories (like /tmp, TEST_TMPDIR) ↵Gravatar Philipp Wollermann2015-10-08
| | | | | | | into the namespace-sandbox, instead of doing it in Java. This fixes an issue where the namespace-sandbox would check-fail on an mkdir() of a directory that was already created in the LinuxSandboxedStrategy. -- MOS_MIGRATED_REVID=104851563
* sandbox: Improve MountMap to always return entries sorted by path depth and ↵Gravatar Philipp Wollermann2015-10-06
| | | | | | | lexicographical order. This prevents certain edge cases in the sandbox, where a mounted child directory could be hidden by a later mount of a parent directory over its parent. -- MOS_MIGRATED_REVID=104749937
* Rationalize copyright headersGravatar Damien Martin-Guillerez2015-09-25
| | | | | | | | | | | The headers were modified with `find . -type f -exec 'sed' '-Ei' 's|Copyright 201([45]) Google|Copyright 201\1 The Bazel Authors|' '{}' ';'` And manual edit for not Google owned copyright. Because of the nature of ijar, I did not modified the header of file owned by Alan Donovan. The list of authors were extracted from the git log. It is missing older Google contributors that can be added on-demand. -- MOS_MIGRATED_REVID=103938715
* Heavily refactor ProfileCommand to separate output and statistics generation ↵Gravatar Klaas Boesche2015-09-22
| | | | | | | and enable their reuse -- MOS_MIGRATED_REVID=103634406
* Small cleanup: execPath is available locally.Gravatar Ulf Adams2015-09-21
| | | | | | | -- Change-Id: If84b34393b88bad345ddf76aab0b033e77016f94 Reviewed-on: https://github.com/bazelbuild/bazel/pull/466 MOS_MIGRATED_REVID=103530511
* Extract MountMap to a top-level class.Gravatar Ulf Adams2015-09-21
| | | | | | | -- Change-Id: I26cf10accaa6f62014c65f41637a36fbeab42b0a Reviewed-on: https://github.com/bazelbuild/bazel/pull/465 MOS_MIGRATED_REVID=103529462
* Move Label from the lib.syntax to the lib.cmdline package so that:Gravatar Lukacs Berki2015-09-21
| | | | | | | | | | - Label parsing can be simplified - lib.syntax is only contains the code for Skylark and is reasonably independent from the problem domain of building things This change is mostly only changes to imports declarations. The rest is reversing the dependency between :cmdline and :syntax and moving a tiny amount of code between Printer and FilesetEntry and the addition of SkylarkPrintableValue that I couldn't be bothered to separate out into its own change. -- MOS_MIGRATED_REVID=103527877
* Move the clientEnv to the CommandEnvironment.Gravatar Ulf Adams2015-09-17
| | | | | -- MOS_MIGRATED_REVID=103269584
* Introduce CommandEnvironment and pass it instead of BlazeRuntime.Gravatar Ulf Adams2015-09-15
| | | | | | | | The very long term plan is to make BlazeRuntime immutable, so that we can run multiple commands in the same server. -- MOS_MIGRATED_REVID=103080946
* sandbox: Show user-friendly mount paths in the namespace-sandbox debug log.Gravatar Philipp Wollermann2015-09-08
| | | | | | | Improvement for #424. -- MOS_MIGRATED_REVID=102566748
* sandbox: Better error messages and the noisy debug logs of the ↵Gravatar Philipp Wollermann2015-09-08
| | | | | | | | | namespace-runner now have to be explicitly activated via --sandbox_debug. Fixes #424. -- MOS_MIGRATED_REVID=102566625
* sandbox: We have to move all generated outputs, not just regular files.Gravatar Philipp Wollermann2015-09-08
| | | | | | | Fix for a part of bug #397. -- MOS_MIGRATED_REVID=102564902
* Display TIMEOUT for test that times outGravatar Damien Martin-Guillerez2015-09-08
| | | | | | | | | Previously the timing out information wasn't propagated to the user, leading to a wrong FAILED message whereas the test was timing out. -- MOS_MIGRATED_REVID=102535481
* Rollback of commit 369635536db085dd70124ace2e4ef604680148b4.Gravatar Damien Martin-Guillerez2015-09-04
| | | | | | | | | | | | | | | | *** Reason for rollback *** Totally broke Bazel tests (100% failures!). Found by git bisect after running the update script. *** Original change description *** sandbox: We have to move all generated outputs, not just regular files. Fix for a part of bug #397. -- MOS_MIGRATED_REVID=102354724
* sandbox: We have to move all generated outputs, not just regular files.Gravatar Philipp Wollermann2015-09-04
| | | | | | | Fix for a part of bug #397. -- MOS_MIGRATED_REVID=102343972
* sandbox: Use a better data structure for the mounts.Gravatar Philipp Wollermann2015-09-04
| | | | | -- MOS_MIGRATED_REVID=102330179
* Code cleanupGravatar Laurent Le Brun2015-09-03
| | | | | -- MOS_MIGRATED_REVID=102239051
* sandbox: Better parsing of runfiles manifest files, fixes #413.Gravatar Philipp Wollermann2015-09-02
| | | | | -- MOS_MIGRATED_REVID=102145100
* sandbox: When spawn.getInputs() contains a directory, recurse into it and ↵Gravatar Philipp Wollermann2015-09-02
| | | | | | | mount the individual files. -- MOS_MIGRATED_REVID=102142064
* sandbox: Do not print the output of the isSupported() check.Gravatar Philipp Wollermann2015-09-02
| | | | | -- MOS_MIGRATED_REVID=102058774
* Mention --ignore_unsupported_sandboxing in the warning message about ↵Gravatar Philipp Wollermann2015-09-02
| | | | | | | unavailable sandboxing. -- MOS_MIGRATED_REVID=102042098
* Fix namespace-sandbox executable name.Gravatar Dmitry Lomov2015-08-31
| | | | | -- MOS_MIGRATED_REVID=101926862
* Fixes #400: Linux sandboxing and relative symbolic links.Gravatar Philipp Wollermann2015-08-28
| | | | | | | Symlink resolution did not work in all cases and broke ./compile.sh on certain Linux distros. -- MOS_MIGRATED_REVID=101775459
* Instead of assuming that sandboxing will generally work on everything that ↵Gravatar Philipp Wollermann2015-08-26
| | | | | | | | | is Linux, do real auto-detection whether it is supported on the host or not and enable / disable it based on the result. The warning that is printed when the Linux kernel is too old to support sandboxing can be disabled via a flag. -- MOS_MIGRATED_REVID=101461120
* Replace quick hack for handling non-sandboxable spawns with a better solution.Gravatar Philipp Wollermann2015-08-26
| | | | | -- MOS_MIGRATED_REVID=101458091
* Execute spawns inside sandboxes to improve hermeticity (spawns can no longer ↵Gravatar Philipp Wollermann2015-08-26
| | | | | | | | | | | | use non-declared inputs) and safety (spawns can no longer affect the host system, e.g. accidentally wipe your home directory). This implementation works on Linux only and uses Linux containers ("namespaces"). The strategy works with all actions that Bazel supports (C++ / Java compilation, genrules, test execution, Skylark-based rules, ...) and in tests, Bazel could successfully bootstrap itself and pass the whole test suite using sandboxed execution. This is not the default behavior yet, but can be activated explicitly by using: bazel build --genrule_strategy=sandboxed --spawn_strategy=sandboxed //my:stuff -- MOS_MIGRATED_REVID=101457297
* Split sandbox code from standalone module.Gravatar Philipp Wollermann2015-06-29
-- MOS_MIGRATED_REVID=97126283
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-21 20:24:00 +0000