incompatible_sandbox_hermetic_tmp #19915

@fmeum

Historically, on Linux, Bazel mounted the host machine's /tmp directory into each sandbox as /tmp. Since each sandbox maintains its own PID namespace, this causes problems with actions that create files in /tmp using only the PID as a distinguishing element of the filename, e.g. well-known sockets.

With --incompatible_sandbox_hermetic_tmp, Bazel creates and later cleans up a dedicated, initially empty temporary directory for each sandboxed action on Linux.

Migration:
If any actions in your build depend on access to the host's /tmp directory, for example to exchange data with non-hermetic daemons running on the host, you can either temporarily disable this new behavior via --noincompatible_sandbox_hermetic_tmp (not recommended as the flag will be removed in the future) or explicitly mount the host temporary directory via --sandbox_add_mount_pair=/tmp.
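
The collision described above, and why a dedicated per-action directory avoids it, shown as an added example that is not part of the original issue or of Bazel's code. It is a constructed simulation: no real namespaces are created, and the tool name mytool, the PID value 2 and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed simulation. Each "sandbox" is modelled as a (tmp_dir, pid) pair,
# where pid is the PID the action sees inside its own PID namespace.

# An action that names its socket/lock file using only its PID.
# usage: create_pid_file <tmp_dir> <pid_seen_by_action>
create_pid_file() (
    # noclobber (-C) makes the redirect fail if the path already exists,
    # much like bind() failing on an existing socket path.
    set -C
    : > "$1/mytool.$2.sock"
) 2>/dev/null

# Run two simulated actions that both see the same PID (2, a constructed value).
#   shared   : both use one directory, like the host /tmp mounted into each sandbox
#   hermetic : each action gets its own, initially empty directory
# Prints the number of actions that failed to create their file.
run_two_actions() (
    mode="$1"
    failures=0
    root="$(mktemp -d)"
    if [ "$mode" = shared ]; then
        a_tmp="$root/tmp"
        b_tmp="$root/tmp"
        mkdir -p "$a_tmp"
    else
        a_tmp="$root/action-a"
        b_tmp="$root/action-b"
        mkdir -p "$a_tmp" "$b_tmp"
    fi
    create_pid_file "$a_tmp" 2 || failures=$((failures + 1))
    create_pid_file "$b_tmp" 2 || failures=$((failures + 1))
    rm -rf "$root"
    echo "$failures"
)

echo "shared /tmp:   $(run_two_actions shared) action(s) failed"
echo "hermetic /tmp: $(run_two_actions hermetic) action(s) failed"
```

Actions that name files with mktemp rather than the PID avoid the collision even when the directory is shared.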

Labels

- breaking-change-7.0 (Incompatible flags to be flipped in Bazel 7.0)
- incompatible-change (Incompatible/breaking change)
- migration-ready (Incompatible flag is ready for migration with Bazel rolling releases or Bazel@last_green)
- team-Local-Exec (Issues and PRs for the Execution (Local) team)
- type: process
