Back in 2017–2020, while I was on the Blaze team at Google, I took on a 20% project that turned into a bit of an obsession: sandboxfs. Born out of my work supporting iOS development, it was my attempt to solve a persistent pain point that frustrated both internal teams and external users alike: Bazel’s
Well we used sandboxfs for years in our Linux based builds, it solved a performance issue when very large sandboxes needed to be created (10000 files or more). It is a pity that it is no longer supported. We have a patched version for Bazel 7, but we dropped support when we moved to Bazel 8.
Well we used sandboxfs for years in our Linux based builds, it solved a performance issue when very large sandboxes needed to be created (10000 files or more). It is a pity that it is no longer supported. We have a patched version for Bazel 7, but we dropped support when we moved to Bazel 8.
MacOS security has been making the platform unfriendly to developers in a similar way that Windows has since Vista.
Is Bazel using Landlock LSM yet for sandboxing? That's what I use with GNU Make and it's great. Nothing is faster.
The downside is it requires ~3 syscalls per file. If only I could send it all the mappings at once like you did.