commit | 652d1cc233a49593767c01725974eb17b90dca4b | [log] [tgz] |
---|---|---|
author | Keith Smiley <keithbsmiley@gmail.com> | Wed Aug 04 13:05:49 2021 -0700 |
committer | Copybara-Service <copybara-worker@google.com> | Wed Aug 04 13:06:53 2021 -0700 |
tree | 2df941713e3a122ff7815a22f007fd325fb49b5e | |
parent | 6db5f931c3d0cd6de4869470c460ab114a60c915 [diff] |
Allow sandboxed macOS actions to run /bin/ps Fixes https://github.com/bazelbuild/bazel/issues/7448 On Apple Silicon (maybe not exclusively) using rules_foreign_cc without this you end up seeing many `/bin/ps` failures when configure scripts are running. Closes #13727. PiperOrigin-RevId: 388765944
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java index 4148b9c..5cfaae4 100644 --- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java +++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
@@ -340,6 +340,7 @@ out.println("(version 1)"); out.println("(debug deny)"); out.println("(allow default)"); + out.println("(allow process-exec (with no-sandbox) (literal \"/bin/ps\"))"); if (!allowNetwork) { out.println("(deny network*)");