'Does `bazel run` use sandboxing? If not, why not?

From my tests, it doesn't appear that bazel run runs in a sandbox. For example, I ran bazel run //:some_target --spawn_strategy=darwin-sandbox --sandbox_debug, and it didn't generate a new directory in <outputBase>/sandbox/darwin-sandbox.

Am I correct that bazel run doesn't use sandboxing? If so, why not?

bazel


Solution 1:[1]

bazel run will build the target you pass with sandboxing and caching the same way as bazel build, and then it will run it outside the sandbox. That's the whole point of bazel run.

If you want to run a command inside the sandbox, write a genrule and then bazel build the genrule target.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Brian Silverman

Related Questions

new_git_repository shallow_since field format

Bazel 0.29.1 LLVM-7.0 on Centos 7

Running bazel query without downloading external dependencies

expand_template with make variables

Bazel build on cycle in dependency graph error

How to query sibling rules from a Bazel rule

How to specify -std=c++11 option in bazel BUILD file?

Bazel test rule for the Python BDD tool "behave"

Bazel repository rule- Can I access something like Java's "os.arch"?

How to use select to properly detect whether I am building C++ code in Windows or Linux?

How to use Bazel in Azure Pipelines?

Loading built-in Python Wrappers in TensorFlow

Bazel and py_test in sandbox - any way to define outputs?

How to select a platform from the command line in Bazel

how to pass include directories from package imported in WORKSPACE to cxx_builtin_include_directories for a selfdefined cc_toolchain_config