hermetic linux sandbox throws error when mounting sandbox directory #14226
The error is probably caused by: --sandbox_add_mount_pair "/:/"
The purpose of the hermetic sandbox is to prevent mounting too much in the sandbox.
Bazel will not consider the mount pairs as dependencies, and will not rebuild if those files are changed. So you should typically not mount files that are changing. And especially not map anything containing bazel’s output root.
Mapping the whole root would not make it more hermetic than using the normal linux-sandbox. |
I used that line specifically in my example code to make the changes as
minimal as possible from the non-hermetic environment.
I don't see why this should cause a failure to bind mount a completely
separate folder though. The error also does not seem to go away if that
line is removed.
…On Fri, Nov 5, 2021, 06:37 Ulrik Falklöf ***@***.***> wrote:
The error is probably caused by: --sandbox_add_mount_pair "/:/"
The purpose of the hermetic sandbox is to prevent mounting too much in the
sandbox.
Bazel will not consider the mount pairs as dependencies, and will not
rebuild if those files are changed. So you should typically not mount files
that are changing. And especially not map anything containing bazel’s
output root.
Mapping the whole root would not make it more hermetic than using the
normal linux-sandbox.
|
You can't mount anything on /, since the hermetic linux sandbox creates its own root dir '/', and mounts every mount_pair inside that. You can mount --sandbox_add_mount_pair="/:oldRoot"; this will mount / in /oldRoot in the hermetic linux sandbox. |
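The two rules stated in the comments above (nothing can be mounted on / in the hermetic sandbox, and a mount source should not contain Bazel's output root) can be checked mechanically before a build. The following Python sketch is an added example, not code from the Bazel project or from the commenters; the function names, the sample .bazelrc lines and the /home/dev/.cache/bazel output root are constructed assumptions.

```python
import shlex
from pathlib import PurePosixPath

FLAG = "--sandbox_add_mount_pair"

# Constructed sample .bazelrc; the paths are illustrative assumptions.
SAMPLE = '''\
build --experimental_use_hermetic_linux_sandbox
build --sandbox_add_mount_pair "/:/"
build --sandbox_add_mount_pair="/:oldRoot"
build --sandbox_add_mount_pair=/usr/lib32:/lib32
build --sandbox_add_mount_pair=/home/dev/.cache:/cache
'''


def mount_pairs(bazelrc_text):
    """Yield (line_no, source, target) for each mount-pair flag found."""
    for no, line in enumerate(bazelrc_text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        for i, tok in enumerate(tokens):
            if tok == FLAG and i + 1 < len(tokens):
                value = tokens[i + 1]            # "--flag value" form
            elif tok.startswith(FLAG + "="):
                value = tok.split("=", 1)[1]     # "--flag=value" form
            else:
                continue
            source, _, target = value.partition(":")
            # A single path is mounted at the same path inside the sandbox.
            yield no, source, target or source


def audit(bazelrc_text, output_root):
    """Return (line_no, finding) pairs for mounts the thread warns against."""
    out = PurePosixPath(output_root)
    findings = []
    for no, source, target in mount_pairs(bazelrc_text):
        src, dst = PurePosixPath(source), PurePosixPath(target)
        if dst == PurePosixPath("/"):
            # The hermetic sandbox creates its own "/"; nothing mounts onto it.
            findings.append((no, "target-is-root"))
        if src == out or src in out.parents:
            # Changes under a mount are not tracked as dependencies, and
            # this source exposes Bazel's own output root to actions.
            findings.append((no, "source-contains-output-root"))
    return findings


if __name__ == "__main__":
    for no, finding in audit(SAMPLE, "/home/dev/.cache/bazel"):
        print(f"line {no}: {finding}")
```

The output root to pass in is site-specific; the value used here is only a placeholder for wherever Bazel keeps its output on the machine being checked.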
Got it! If that's the case, is there a preferred strategy for loading a
custom rootfs? Like a separate flag for the root mount?
(I feel like that is one of the more common use cases for the hermetic
sandbox. Do I just need to mount every subdirectory?)
…On Fri, Nov 5, 2021, 07:35 Fredrik Frantzen ***@***.***> wrote:
You can't mount anything on /, since the hermetic linux sandbox creates
its own root dir '/', and mounts every mount_pair inside that. You can
mount --sandbox_add_mount_pair="/:oldRoot" this will mount / in /oldRoot in
the hermetic linux sandbox.
|
We did not implement support for a custom rootfs. But I guess you could just run bazel with normal linux sandbox inside there? (Yes, you can mount every individual directory in '/' that you need in your sandbox under / |
Well, the normal linux sandbox does not let me use a custom rootfs as far as I know (in my actual use case, I have a rootfs exported from the docker image used in my RBE environment, and I do not want to use anything from the host). I only used my own root partition in the example. This is for developers, not CI/CD, so I do not want them to have to do extra steps to work inside the sandbox. Maybe I can make a PR into the documentation about how mounting Does anyone have a link to the appropriate place to update the docs for the CLI flags? |
Ok, I am clearly missing something in how to use I changed the entry in
And now I get the following error:
|
Yes, the message is confusing, but what's actually "No such file or directory" is the things that /usr/bin/gcc depends on.
In our environment we do at the minimum this:
|
Getting closer! I tried this with my directories, and I ran into the following error:
The exact same flag with |
Sorry for taking my time, I had not run into that issue before. But I can replicate it now.
build --sandbox_add_mount_pair=/usr/lib32:/lib32
I guess that in the hermetic sandbox case, we should not validate the target paths, but instead create them. |
Thank you for contributing to the Bazel repository! This issue has been marked as stale since it has not had any activity in the last 1+ years. It will be closed in the next 14 days unless any other activity occurs or one of the following labels is added: "not stale", "awaiting-bazeler". Please reach out to the triage team ( |
So... this is definitely still a bug and we were able to replicate and had a specific path forward for a fix. |
Thank you for contributing to the Bazel repository! This issue has been marked as stale since it has not had any activity in the last 1+ years. It will be closed in the next 90 days unless any other activity occurs. If you think this issue is still relevant and should stay open, please post any comment here and the issue will no longer be marked as stale. |
Description of the problem / feature request:
When using --experimental_use_hermetic_linux_sandbox, even a basic workspace seems to fail with the following error in almost any build action:
Bugs: what's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.
I have created a minimal reproduction in the repository: https://github.com/psigen/bazel-issue-14226
Steps to reproduce:
.bazelrc file.
.bazelrc file add the lines
bazel build any target in the workspace
What operating system are you running Bazel on?
What's the output of bazel info release?
Have you found anything relevant by searching the web?
I have not found any relevant issues in
The closest I can find is another sandbox mount issue which seems to have a separate cause.
Any other information, logs, or outputs that you want to share?
Here is the full debug output of trying to run a build action in my test workspace: