I'm running bazel inside of a docker container. Locally, when I run bazel with no flags I get the following warning:
WARNING: Sandboxed execution is not supported on your system and thus hermeticity of actions cannot be guaranteed. See http://bazel.build/docs/bazel-user-manual.html#sandboxing for more information. You can turn off this warning via --ignore_unsupported_sandboxing.
And while I lose some guarantees about hermeticity, Bazel still creates all the sandboxing directories before running any of my genrules.
However, in CI, I'm not seeing that warning and instead just get failures when sandboxing is attempted. So I passed --genrule_strategy=standalone
to stop the crash, but now my genrules are executing right in the workspace, which I definitely don't want.
Is there a way for me to get the behavior I'm seeing locally, where explicit sandboxing calls are being disabled because they would fail but the tmp directory creation with srcs/deps/data being copied over correctly still happens?
Either a flag I could pass to bazel to trigger that behavior, or something I could do to my system to convince bazel that sandboxing is not supported there?