2017-05-02 17:46
浏览 162


I'm running bazel inside of a docker container. Locally, when I run bazel with no flags I get the following warning:

WARNING: Sandboxed execution is not supported on your system and thus hermeticity of actions cannot be guaranteed. See for more information. You can turn off this warning via --ignore_unsupported_sandboxing.

And while I lose some guarantees about hermeticity, Bazel still creates all the sandboxing directories before running any of my genrules.

However, in CI, I'm not seeing that warning and instead just get failures when sandboxing is attempted. So I passed --genrule_strategy=standalone to stop the crash, but now my genrules are executing right in the workspace, which I definitely don't want.

Is there a way for me to get the behavior I'm seeing locally, where explicit sandboxing calls are being disabled because they would fail but the tmp directory creation with srcs/deps/data being copied over correctly still happens?

Either a flag I could pass to bazel to trigger that behavior, or something I could do to my system to convince bazel that sandboxing is not supported there?

图片转代码服务由CSDN问答提供 功能建议

我正在docker容器内运行bazel。 在本地,当我运行没有标志的bazel时,会收到以下警告:

警告:您的系统不支持沙盒执行,因此无法保证动作的密封性。 请参见 #sandboxing 了解更多信息。 您可以通过--ignore_unsupported_sandboxing关闭此警告。

尽管我失去了关于密封性的某些保证,但Bazel仍然会在运行任何风格之前创建所有沙箱目录。 。

但是,在CI中,我没有看到该警告,而是在尝试沙箱测试时出现了故障。 因此,我通过了-genrule_strategy = standalone 来停止崩溃,但是现在我的genrules在工作空间中执行,我绝对不希望这样做。

有没有办法让我获得在本地看到的行为,其中禁用了显式沙箱调用,因为它们可能会失败,但是正在使用srcs / deps / data创建tmp目录



  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • douyan4900 2017-05-02 20:06

    What bazel version are you using which crashes when it tries to use sandboxing? I suspect c2d773ef4c0916a44fd7936f7bbc22ec55102915 will resolve that problem because it makes the detection of whether the sandbox works much more robust, which seems like it would then do what you're looking for.

    打赏 评论
  • donglin7979 2017-05-03 09:12

    Two possible options:

    1) To disable sandboxing, --genrule_strategy=standalone only applies to genrules. You also need to disable it for other rules, i.e. add --spawn_strategy=standalone. You may also need to disable it for specific rule types, e.g. --strategy GoCompile=standalone.

    2) To use sandboxing, you can run Bazel inside a privileged container, i.e. start its container with the --privileged flag. This might be a configuration option in your CI.

    打赏 评论

相关推荐 更多相似问题