Add flag --nosandbox/--no_sandbox/--no-sandbox to disable sandbox.

--
MOS_MIGRATED_REVID=133697962
diff --git a/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java b/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java
index 697645d..dd2d5de 100644
--- a/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java
+++ b/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java
@@ -31,9 +31,7 @@
 import java.util.Set;
 import javax.annotation.concurrent.Immutable;
 
-/**
- * Base implementation of a Spawn.
- */
+/** Base implementation of a Spawn. */
 @Immutable
 public class BaseSpawn implements Spawn {
   private final ImmutableList<String> arguments;
@@ -72,12 +70,13 @@
    * Returns a new Spawn. The caller must not modify the parameters after the call; neither will
    * this method.
    */
-  public BaseSpawn(List<String> arguments,
-     Map<String, String> environment,
-     Map<String, String> executionInfo,
-     RunfilesSupplier runfilesSupplier,
-     ActionExecutionMetadata action,
-     ResourceSet localResources) {
+  public BaseSpawn(
+      List<String> arguments,
+      Map<String, String> environment,
+      Map<String, String> executionInfo,
+      RunfilesSupplier runfilesSupplier,
+      ActionExecutionMetadata action,
+      ResourceSet localResources) {
     this(
         arguments,
         environment,
@@ -93,7 +92,8 @@
    * Returns a new Spawn. The caller must not modify the parameters after the call; neither will
    * this method.
    */
-  public BaseSpawn(List<String> arguments,
+  public BaseSpawn(
+      List<String> arguments,
       Map<String, String> environment,
       Map<String, String> executionInfo,
       Map<PathFragment, Artifact> runfilesManifests,
@@ -110,10 +110,9 @@
         ImmutableSet.<PathFragment>of());
   }
 
-  /**
-   * Returns a new Spawn.
-   */
-  public BaseSpawn(List<String> arguments,
+  /** Returns a new Spawn. */
+  public BaseSpawn(
+      List<String> arguments,
       Map<String, String> environment,
       Map<String, String> executionInfo,
       ActionExecutionMetadata action,
@@ -151,6 +150,11 @@
   }
 
   @Override
+  public boolean hasNoSandbox() {
+    return executionInfo.containsKey("nosandbox");
+  }
+
+  @Override
   public boolean isRemotable() {
     return !executionInfo.containsKey("local");
   }
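Review bot: `hasNoSandbox()` checks only for the presence of the `"nosandbox"` key, so an entry with any value, including `"0"` or an empty string, turns sandboxing off for the spawn. That matches the `"local"` convention in `isRemotable()` just below, but because this key removes an isolation boundary it should be stated, e.g. `// Presence of the key is enough; the value is ignored (same convention as "local").`. The literal is also repeated in the SpawnAction.Builder hunk of this commit, so a shared constant such as `static final String NO_SANDBOX = "nosandbox";` would keep the writer and the reader from drifting apart.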
@@ -186,9 +190,11 @@
 
     info.addAllArgument(getArguments());
     for (Map.Entry<String, String> variable : getEnvironment().entrySet()) {
-      info.addVariable(EnvironmentVariable.newBuilder()
-        .setName(variable.getKey())
-        .setValue(variable.getValue()).build());
+      info.addVariable(
+          EnvironmentVariable.newBuilder()
+              .setName(variable.getKey())
+              .setValue(variable.getValue())
+              .build());
     }
     for (ActionInput input : getInputFiles()) {
       // Explicitly ignore middleman artifacts here.
@@ -268,38 +274,38 @@
   }
 
   @Override
-  public ActionOwner getOwner() { return action.getOwner(); }
+  public ActionOwner getOwner() {
+    return action.getOwner();
+  }
 
   @Override
-  public String getMnemonic() { return action.getMnemonic(); }
+  public String getMnemonic() {
+    return action.getMnemonic();
+  }
 
-  /**
-   * Convert a working dir + environment map + arg list into a Bourne shell
-   * command.
-   */
-  public static String asShellCommand(Collection<String> arguments,
-                                      Path workingDirectory,
-                                      Map<String, String> environment) {
+  /** Convert a working dir + environment map + arg list into a Bourne shell command. */
+  public static String asShellCommand(
+      Collection<String> arguments, Path workingDirectory, Map<String, String> environment) {
     // We print this command out in such a way that it can safely be
     // copied+pasted as a Bourne shell command.  This is extremely valuable for
     // debugging.
-    return CommandFailureUtils.describeCommand(CommandDescriptionForm.COMPLETE,
-        arguments, environment, workingDirectory.getPathString());
+    return CommandFailureUtils.describeCommand(
+        CommandDescriptionForm.COMPLETE, arguments, environment, workingDirectory.getPathString());
   }
 
-  /**
-   * A local spawn requiring zero resources.
-   */
+  /** A local spawn requiring zero resources. */
   public static class Local extends BaseSpawn {
-    public Local(List<String> arguments, Map<String, String> environment,
-        ActionExecutionMetadata action) {
+    public Local(
+        List<String> arguments, Map<String, String> environment, ActionExecutionMetadata action) {
       this(arguments, environment, ImmutableMap.<String, String>of(), action);
     }
 
-    public Local(List<String> arguments, Map<String, String> environment,
-        Map<String, String> executionInfo, ActionExecutionMetadata action) {
-      super(arguments, environment, buildExecutionInfo(executionInfo),
-          action, ResourceSet.ZERO);
+    public Local(
+        List<String> arguments,
+        Map<String, String> environment,
+        Map<String, String> executionInfo,
+        ActionExecutionMetadata action) {
+      super(arguments, environment, buildExecutionInfo(executionInfo), action, ResourceSet.ZERO);
     }
 
     private static ImmutableMap<String, String> buildExecutionInfo(
diff --git a/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java b/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java
index d72a686..45a1496 100644
--- a/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java
+++ b/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java
@@ -45,6 +45,11 @@
   }
 
   @Override
+  public boolean hasNoSandbox() {
+    return spawn.hasNoSandbox();
+  }
+
+  @Override
   public ImmutableList<Artifact> getFilesetManifests() {
     return spawn.getFilesetManifests();
   }
diff --git a/src/main/java/com/google/devtools/build/lib/actions/Spawn.java b/src/main/java/com/google/devtools/build/lib/actions/Spawn.java
index 3e24fdc..a069db6 100644
--- a/src/main/java/com/google/devtools/build/lib/actions/Spawn.java
+++ b/src/main/java/com/google/devtools/build/lib/actions/Spawn.java
@@ -36,6 +36,11 @@
   boolean isRemotable();
 
   /**
+   * Returns true iff this command should be executed without a sandbox.
+   */
+  boolean hasNoSandbox();
+
+  /**
    * Out-of-band data for this spawn. This can be used to signal hints (hardware requirements,
    * local vs. remote) to the execution subsystem.
    *
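Review bot: The new Javadoc on `hasNoSandbox()` spans three lines for a single sentence, while the rest of this commit collapses such comments to one line. It also does not say where the answer comes from. I would write `/** Returns true iff the execution info asks for this spawn to run without a sandbox. */`, assuming every implementation derives it from the execution info as BaseSpawn does. Note that any Spawn implementation outside this diff has to implement the new method as well.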
diff --git a/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java b/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java
index 612d661..6e34e0f 100644
--- a/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java
+++ b/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java
@@ -506,6 +506,7 @@
     private ParamFileInfo paramFileInfo = null;
     private String mnemonic = "Unknown";
     private ExtraActionInfoSupplier<?> extraActionInfoSupplier = null;
+    private boolean disableSandboxing = false;
 
     /**
      * Creates a SpawnAction builder.
@@ -656,6 +657,13 @@
         env = this.environment;
       }
 
+      if (disableSandboxing) {
+        ImmutableMap.Builder<String, String> builder = ImmutableMap.builder();
+        builder.putAll(executionInfo);
+        builder.put("nosandbox", "1");
+        executionInfo = builder.build();
+      }
+
       return createSpawnAction(
           owner,
           tools,
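Review bot: `builder.put("nosandbox", "1")` after `builder.putAll(executionInfo)` makes `builder.build()` throw an IllegalArgumentException when `executionInfo` already holds a `"nosandbox"` entry, because ImmutableMap.Builder rejects duplicate keys. Whether that can happen depends on how `executionInfo` is populated, which is not visible in this hunk, but the guard is cheap: `if (disableSandboxing && !executionInfo.containsKey("nosandbox")) {`. The enclosing build method starts and ends outside the hunk.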
@@ -1137,5 +1145,10 @@
       paramFileInfo = new ParamFileInfo(parameterFileType, charset, flagPrefix, always);
       return this;
     }
+
+    public Builder disableSandboxing() {
+      this.disableSandboxing = true;
+      return this;
+    }
   }
 }
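Review bot: The new public `disableSandboxing()` has no Javadoc, although an action built with it is routed past the sandbox strategies to the non-sandboxed fallback (see the DarwinSandboxedStrategy and LinuxSandboxedStrategy hunks). I would add `/** Marks the action to run without a sandbox by adding "nosandbox" to its execution info; use only for actions that cannot work inside the sandbox. */` so that callers see which isolation they are giving up. A short mention of why a given caller needs it would also make later audits of unsandboxed actions easier.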
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java
index 7634e33..ad09fa3 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java
@@ -151,7 +151,7 @@
     Executor executor = actionExecutionContext.getExecutor();
 
     // Certain actions can't run remotely or in a sandbox - pass them on to the standalone strategy.
-    if (!spawn.isRemotable()) {
+    if (!spawn.isRemotable() || spawn.hasNoSandbox()) {
       SandboxHelpers.fallbackToNonSandboxedExecution(spawn, actionExecutionContext, executor);
       return;
     }
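Review bot: The comment above the condition still says these actions "can't run" in a sandbox, but with `|| spawn.hasNoSandbox()` the branch is now also taken for actions that merely opt out. Nothing visible in this hunk records that the sandbox was skipped. I would update the comment to `// Actions that can't run remotely, or that opt out of sandboxing via "nosandbox", go to the standalone strategy.` and consider reporting the opt-out in verbose or debug output so unsandboxed actions can be listed during a build. The same applies to the identical hunk in LinuxSandboxedStrategy.java; in both files the enclosing method starts and ends outside the hunk.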
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
index 0e38d0d..3d60a84 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
@@ -90,7 +90,7 @@
     Executor executor = actionExecutionContext.getExecutor();
 
     // Certain actions can't run remotely or in a sandbox - pass them on to the standalone strategy.
-    if (!spawn.isRemotable()) {
+    if (!spawn.isRemotable() || spawn.hasNoSandbox()) {
       SandboxHelpers.fallbackToNonSandboxedExecution(spawn, actionExecutionContext, executor);
       return;
     }