Implement Hermetic sandbox with support for hardlinks

Adds linux-sandbox flag:
--experimental_use_hermetic_linux_sandbox - Configure linux-sandbox
 to run in a chroot environment to prevent access to files not
 mentioned in the bazel rules unless they can be found via
 explicitly whitelisted directories using --sandbox_add_mount_pair
 create hardlinks instead of symlinks, and fall back to copying.
 In case of writes to input files, the build will be aborted.

Closes #13279.

PiperOrigin-RevId: 395104527
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/BUILD b/src/main/java/com/google/devtools/build/lib/sandbox/BUILD
index 0dffde4..8701c24 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/BUILD
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/BUILD
@@ -19,6 +19,7 @@
         "//src/main/java/com/google/devtools/build/lib/actions",
         "//src/main/java/com/google/devtools/build/lib/actions:artifacts",
         "//src/main/java/com/google/devtools/build/lib/actions:execution_requirements",
+        "//src/main/java/com/google/devtools/build/lib/actions:file_metadata",
         "//src/main/java/com/google/devtools/build/lib/actions:localhost_capacity",
         "//src/main/java/com/google/devtools/build/lib/analysis:blaze_directories",
         "//src/main/java/com/google/devtools/build/lib/analysis:test/test_configuration",