Clarify when sandboxing is enabled.

PiperOrigin-RevId: 386445443
diff --git a/site/docs/guide.md b/site/docs/guide.md index f10ea35..5b29613 100644 --- a/site/docs/guide.md +++ b/site/docs/guide.md
@@ -605,8 +605,10 @@ #### Sandboxed execution -Bazel uses sandboxes to guarantee that actions run hermetically<sup>1</sup> and -correctly. Bazel runs _Spawns_ (loosely speaking: actions) in sandboxes that +NOTE: Sandboxing is enabled by default for local execution. + +Bazel can use sandboxes to guarantee that actions run hermetically<sup>1</sup> +and correctly. Bazel runs _spawns_ (loosely speaking: actions) in sandboxes that only contain the minimal set of files the tool requires to do its job. Currently sandboxing works on Linux 3.12 or newer with the `CONFIG_USER_NS` option enabled, and also on macOS 10.11 or newer.
diff --git a/site/docs/user-manual.html b/site/docs/user-manual.html index 7796002..ba1df96 100644 --- a/site/docs/user-manual.html +++ b/site/docs/user-manual.html
@@ -909,7 +909,9 @@ <code>sandboxed</code> causes commands to be executed inside a sandbox on the local machine. This requires that all input files, data dependencies and tools are listed as direct dependencies in the <code>srcs</code>, <code>data</code> and <code>tools</code> attributes. - This is the default on systems that support sandboxed execution. + + + Bazel enables local sandboxing by default, on systems that support sandboxed execution. </li> <li>
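Review bot: in the site/docs/guide.md hunk, the added line "NOTE: Sandboxing is enabled by default for local execution." drops the platform condition, while the unchanged context at the end of the same paragraph says sandboxing currently works only on Linux 3.12 or newer with `CONFIG_USER_NS` enabled and on macOS 10.11 or newer. Read on its own, the NOTE lets a user on any other system assume their actions run isolated. Suggest carrying the qualifier that the user-manual.html hunk keeps, for example "NOTE: Sandboxing is enabled by default for local execution on systems that support it." That also lines up with the softened "Bazel can use sandboxes" in the next added line, which implies a condition without stating it.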
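Review bot: in the site/docs/user-manual.html hunk, the two blank added lines ahead of "Bazel enables local sandboxing by default, on systems that support sandboxed execution." do nothing inside the `<li>` once rendered, so if the sentence is meant to stand apart as a note it needs markup such as a `<p>` or `<br>`, and otherwise the blank lines can be dropped. The comma after "by default" is not needed, and the phrase "local sandboxing" differs from "Sandboxing ... for local execution" in the guide.md hunk; using one wording in both files would avoid readers wondering whether they describe different settings. Since this list item is where a reader checks whether their build actually ran sandboxed, consider also stating what happens on systems that do not support sandboxed execution.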