bazel has a lot of dependencies and users don't want to install them
just to build gvisor.
These changes allows to run bazel in a docker container.
A bazel cache is on the local file system (~/.cache/bazel), so
incremental builds should be fast event after recreating a bazel
container.
Here is an example how to build runsc:
make BAZEL_OPTIONS="build runsc:runsc" bazel
Change-Id: I8c0a6d0c30e835892377fb6dd5f4af7a0052d12a
PiperOrigin-RevId: 246570877
Bazel 0.23.0 is required due to the use of cc_flags_supplier.bzl in the vdso
package. cc_flags_supplier.bzl was added in 0.23.0.
PiperOrigin-RevId: 245192715
Change-Id: I4258c064e5cc3bac2a587c887e0d8f87b6678ec7
This CL merges all RBE-specific configuration from .bazelrc_rbe into .bazelrc
so that it will be picked up by default by users running bazel.
It also checks in a bazelrc from the upstream bazel-toolchains repository, and
imports that into our repo-specific .bazelrc. This makes it easier to maintain
and update the bazelrc going forward.
Documentation was added to the README.
PiperOrigin-RevId: 242208733
Change-Id: Iea32de9be85b024bd74f88909b56b2a8ab34851a
Updated the README to correct some wording and clarify a bit that containerd
CRI runtime is needed.
PiperOrigin-RevId: 224944753
Change-Id: I7b9c527500f99571aca7ef73058472ae9b3d5371
Bazel 0.18 moved the workspace bazelrc location from //tools/bazel.rc to
//.bazelrc. The old location will be dropped by a future version of
bazel.
This bumps the minimum required version of bazel to 0.18.
More context:
https://groups.google.com/forum/#!msg/bazel-discuss/ycDacctX2vw/EGFxGLibAgAJ
PiperOrigin-RevId: 220338084
Change-Id: Ib6fa83a4a0f89e8e898d67152c7bd429e0b9b21e
This is a breaking change if you're using --debug-log-dir.
The fix is to replace it with --debug-log and add a '/' at
the end:
--debug-log-dir=/tmp/runsc ==> --debug-log=/tmp/runsc/
PiperOrigin-RevId: 216761212
Change-Id: I244270a0a522298c48115719fa08dad55e34ade1
When starting a sandbox without direct file or network access, we create an
empty user namespace and run the sandbox in there. However, the root user in
that namespace is still mapped to the root user in the parent namespace.
This CL maps the "nobody" user from the parent namespace into the child
namespace, and runs the sandbox process as user "nobody" inside the new
namespace.
PiperOrigin-RevId: 211572223
Change-Id: I1b1f9b1a86c0b4e7e5ca7bc93be7d4887678bab6
In the main readme, checkpoint and restore is listed as an
advanced feature, and a link to its readme is provided.
PiperOrigin-RevId: 208279833
Change-Id: Ib3db28a8df8ec93cf8d98d5dfd2ee2f75a61e664
The "install from source" section is moved under "advanced" header, right
before the testing section.
PiperOrigin-RevId: 196271666
Change-Id: I653ac0a2fa4661c96a0cb3daf3528c2109fed8d7
github markdown doesn't like {style} tags. Also moved the image after their respective section.
PiperOrigin-RevId: 194663070
Change-Id: I7a7b97c1bc6f2b368837a3aa936f8bd3c00469fd