Allow sandboxed macOS actions to run /bin/ps

Fixes https://github.com/bazelbuild/bazel/issues/7448

On Apple Silicon (and possibly elsewhere), builds that use rules_foreign_cc
hit many `/bin/ps` failures while configure scripts are running unless this
rule is present.

Closes #13727.

PiperOrigin-RevId: 388765944
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
index 4148b9c..5cfaae4 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
@@ -340,6 +340,7 @@
       out.println("(version 1)");
       out.println("(debug deny)");
       out.println("(allow default)");
+      out.println("(allow process-exec (with no-sandbox) (literal \"/bin/ps\"))");
 
       if (!allowNetwork) {
         out.println("(deny network*)");
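Review bot: The added `process-exec` rule for `/bin/ps` has no comment saying why this one binary is exempted from the profile, and a sandbox exemption is the kind of line a later reader will want justified. As I read the `no-sandbox` modifier, the exec'd `ps` runs without the profile at all, so the `(deny network*)` rule just below and any restrictions emitted later in this method would not apply to that process; that is probably acceptable for a system binary matched by `literal` path, but it should be stated. I would add above it `// /bin/ps cannot be exec'd under the profile (see bazelbuild/bazel#7448); exempt exactly this path and nothing broader.` A test asserting that the generated profile contains this exact rule would keep it from being widened or dropped silently. The enclosing method starts and ends outside the hunk.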