Add flag --nosandbox/--no_sandbox/--no-sandbox to disable sandbox. -- MOS_MIGRATED_REVID=133697962
diff --git a/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java b/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java index 697645d..dd2d5de 100644 --- a/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java +++ b/src/main/java/com/google/devtools/build/lib/actions/BaseSpawn.java
@@ -31,9 +31,7 @@ import java.util.Set; import javax.annotation.concurrent.Immutable; -/** - * Base implementation of a Spawn. - */ +/** Base implementation of a Spawn. */ @Immutable public class BaseSpawn implements Spawn { private final ImmutableList<String> arguments; @@ -72,12 +70,13 @@ * Returns a new Spawn. The caller must not modify the parameters after the call; neither will * this method. */ - public BaseSpawn(List<String> arguments, - Map<String, String> environment, - Map<String, String> executionInfo, - RunfilesSupplier runfilesSupplier, - ActionExecutionMetadata action, - ResourceSet localResources) { + public BaseSpawn( + List<String> arguments, + Map<String, String> environment, + Map<String, String> executionInfo, + RunfilesSupplier runfilesSupplier, + ActionExecutionMetadata action, + ResourceSet localResources) { this( arguments, environment, @@ -93,7 +92,8 @@ * Returns a new Spawn. The caller must not modify the parameters after the call; neither will * this method. */ - public BaseSpawn(List<String> arguments, + public BaseSpawn( + List<String> arguments, Map<String, String> environment, Map<String, String> executionInfo, Map<PathFragment, Artifact> runfilesManifests, @@ -110,10 +110,9 @@ ImmutableSet.<PathFragment>of()); } - /** - * Returns a new Spawn. - */ - public BaseSpawn(List<String> arguments, + /** Returns a new Spawn. */ + public BaseSpawn( + List<String> arguments, Map<String, String> environment, Map<String, String> executionInfo, ActionExecutionMetadata action, @@ -151,6 +150,11 @@ } @Override + public boolean hasNoSandbox() { + return executionInfo.containsKey("nosandbox"); + } + + @Override public boolean isRemotable() { return !executionInfo.containsKey("local"); } @@ -186,9 +190,11 @@ info.addAllArgument(getArguments()); for (Map.Entry<String, String> variable : getEnvironment().entrySet()) { - info.addVariable(EnvironmentVariable.newBuilder() - .setName(variable.getKey()) - .setValue(variable.getValue()).build()); + info.addVariable( + EnvironmentVariable.newBuilder() + .setName(variable.getKey()) + .setValue(variable.getValue()) + .build()); } for (ActionInput input : getInputFiles()) { // Explicitly ignore middleman artifacts here. @@ -268,38 +274,38 @@ } @Override - public ActionOwner getOwner() { return action.getOwner(); } + public ActionOwner getOwner() { + return action.getOwner(); + } @Override - public String getMnemonic() { return action.getMnemonic(); } + public String getMnemonic() { + return action.getMnemonic(); + } - /** - * Convert a working dir + environment map + arg list into a Bourne shell - * command. - */ - public static String asShellCommand(Collection<String> arguments, - Path workingDirectory, - Map<String, String> environment) { + /** Convert a working dir + environment map + arg list into a Bourne shell command. */ + public static String asShellCommand( + Collection<String> arguments, Path workingDirectory, Map<String, String> environment) { // We print this command out in such a way that it can safely be // copied+pasted as a Bourne shell command. This is extremely valuable for // debugging. - return CommandFailureUtils.describeCommand(CommandDescriptionForm.COMPLETE, - arguments, environment, workingDirectory.getPathString()); + return CommandFailureUtils.describeCommand( + CommandDescriptionForm.COMPLETE, arguments, environment, workingDirectory.getPathString()); } - /** - * A local spawn requiring zero resources. - */ + /** A local spawn requiring zero resources. */ public static class Local extends BaseSpawn { - public Local(List<String> arguments, Map<String, String> environment, - ActionExecutionMetadata action) { + public Local( + List<String> arguments, Map<String, String> environment, ActionExecutionMetadata action) { this(arguments, environment, ImmutableMap.<String, String>of(), action); } - public Local(List<String> arguments, Map<String, String> environment, - Map<String, String> executionInfo, ActionExecutionMetadata action) { - super(arguments, environment, buildExecutionInfo(executionInfo), - action, ResourceSet.ZERO); + public Local( + List<String> arguments, + Map<String, String> environment, + Map<String, String> executionInfo, + ActionExecutionMetadata action) { + super(arguments, environment, buildExecutionInfo(executionInfo), action, ResourceSet.ZERO); } private static ImmutableMap<String, String> buildExecutionInfo(
diff --git a/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java b/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java index d72a686..45a1496 100644 --- a/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java +++ b/src/main/java/com/google/devtools/build/lib/actions/DelegateSpawn.java
@@ -45,6 +45,11 @@ } @Override + public boolean hasNoSandbox() { + return spawn.hasNoSandbox(); + } + + @Override public ImmutableList<Artifact> getFilesetManifests() { return spawn.getFilesetManifests(); }
diff --git a/src/main/java/com/google/devtools/build/lib/actions/Spawn.java b/src/main/java/com/google/devtools/build/lib/actions/Spawn.java index 3e24fdc..a069db6 100644 --- a/src/main/java/com/google/devtools/build/lib/actions/Spawn.java +++ b/src/main/java/com/google/devtools/build/lib/actions/Spawn.java
@@ -36,6 +36,11 @@ boolean isRemotable(); /** + * Returns true iff this command should be executed without a sandbox. + */ + boolean hasNoSandbox(); + + /** * Out-of-band data for this spawn. This can be used to signal hints (hardware requirements, * local vs. remote) to the execution subsystem. *
diff --git a/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java b/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java index 612d661..6e34e0f 100644 --- a/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java +++ b/src/main/java/com/google/devtools/build/lib/analysis/actions/SpawnAction.java
@@ -506,6 +506,7 @@ private ParamFileInfo paramFileInfo = null; private String mnemonic = "Unknown"; private ExtraActionInfoSupplier<?> extraActionInfoSupplier = null; + private boolean disableSandboxing = false; /** * Creates a SpawnAction builder. @@ -656,6 +657,13 @@ env = this.environment; } + if (disableSandboxing) { + ImmutableMap.Builder<String, String> builder = ImmutableMap.builder(); + builder.putAll(executionInfo); + builder.put("nosandbox", "1"); + executionInfo = builder.build(); + } + return createSpawnAction( owner, tools, @@ -1137,5 +1145,10 @@ paramFileInfo = new ParamFileInfo(parameterFileType, charset, flagPrefix, always); return this; } + + public Builder disableSandboxing() { + this.disableSandboxing = true; + return this; + } } }
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java index 7634e33..ad09fa3 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedStrategy.java
@@ -151,7 +151,7 @@ Executor executor = actionExecutionContext.getExecutor(); // Certain actions can't run remotely or in a sandbox - pass them on to the standalone strategy. - if (!spawn.isRemotable()) { + if (!spawn.isRemotable() || spawn.hasNoSandbox()) { SandboxHelpers.fallbackToNonSandboxedExecution(spawn, actionExecutionContext, executor); return; }
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java index 0e38d0d..3d60a84 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedStrategy.java
@@ -90,7 +90,7 @@ Executor executor = actionExecutionContext.getExecutor(); // Certain actions can't run remotely or in a sandbox - pass them on to the standalone strategy. - if (!spawn.isRemotable()) { + if (!spawn.isRemotable() || spawn.hasNoSandbox()) { SandboxHelpers.fallbackToNonSandboxedExecution(spawn, actionExecutionContext, executor); return; }