Historically, on Linux, Bazel mounted the host machine's /tmp directory into each sandbox as /tmp. Since each sandbox maintains its own PID namespace, this causes problems with actions that create files in /tmp using only the PID as a distinguishing element of the filename, e.g. well-known sockets.
With --incompatible_sandbox_hermetic_tmp, Bazel creates and later cleans up a dedicated, initially empty temporary directory for each sandboxed action on Linux.
Migration:
If any actions in your build depend on access to the host's /tmp directory, for example to exchange data with non-hermetic daemons running on the host, you can either temporarily disable this new behavior via --noincompatible_sandbox_hermetic_tmp (not recommended as the flag will be removed in the future) or explicitly mount the host temporary directory via --sandbox_add_mount_pair=/tmp.
Historically, on Linux, Bazel mounted the host machine's
/tmpdirectory into each sandbox as/tmp. Since each sandbox maintains its own PID namespace, this causes problems with actions that create files in/tmpusing only the PID as a distinguishing element of the filename, e.g. well-known sockets.With
--incompatible_sandbox_hermetic_tmp, Bazel creates and later cleans up a dedicated, initially empty temporary directory for each sandboxed action on Linux.Migration:
If any actions in your build depend on access to the host's
/tmpdirectory, for example to exchange data with non-hermetic daemons running on the host, you can either temporarily disable this new behavior via--noincompatible_sandbox_hermetic_tmp(not recommended as the flag will be removed in the future) or explicitly mount the host temporary directory via--sandbox_add_mount_pair=/tmp.