Perfect Sandboxing in Bazel – Rahul Butani, Intel
Complete dependency graphs are at the heart of what gives Bazel its power, and sandboxing plays a key role in keeping these graphs correct. However, Bazel’s approach to sandboxing makes some concessions. With cooperation from tools this works well, but what happens when your tools aren’t well-behaved? In this talk, we detail how we, in service of migrating a 20-year-old codebase to Bazel, extended Bazel and its sandbox to encode and enforce all host filesystem dependencies in Bazel’s dependency graph. We’ll cover the changes we had to make to use existing rulesets, how this compares with alternative solutions to this problem, lessons we learned along the way, and some takeaways for the broader ecosystem.