Merged
Conversation
bemerybmw
requested review from
LittleHuba,
castler,
crimson11,
hoe-jo and
limdor
as code owners
bemerybmw
force-pushed
the
brem_add_setup
branch
from
bdaedb8 to
4ec7e54
Compare
Contributor
|
I also added a line in overall readme here: #214 |
SETUP.md
Outdated
| ## Integration Tests | ||
|
|
||
| Prerequisites: | ||
| - Docker (Instructions for installing here: https://docs.docker.com/engine/install/) |
Contributor
There was a problem hiding this comment.
Just a note, I tried with rootless mode ( https://docs.docker.com/engine/security/rootless/ ) it works fine and has less security implications. So it might be worth to note this. (And a question is if we want to officially support rootless mode)
bemerybmw
force-pushed
the
brem_add_setup
branch
3 times, most recently
from
aaa46f9 to
db94056
Compare
LittleHuba
reviewed
Mar 20, 2026
SETUP.md
Outdated
| To work around this issue, you can run the following bash script (must be run with sudo!): | ||
|
|
||
| ```bash | ||
| sudo bash actions/unblock_user_namespace_for_linux_sandbox/action_callable.sh |
Contributor
There was a problem hiding this comment.
Ahh sorry, the script itself is calling sudo on the right actions. So you don't have to call the script itself with sudo. My mistake...
SETUP.md
Outdated
|
|
||
| Ubuntu 24.04 introduced the security framework apparmor. The standard configuration of apparmor which also includes unprivileged user namespaces interferes with the bazel sandboxing mechanism and inhibits the linux-sandbox. This affects all bazel tests and potentially any bazel runnables. | ||
|
|
||
| To work around this issue, you can run the following bash script (must be run with sudo!): |
Contributor
There was a problem hiding this comment.
Maybe also drop a note that this must be rerun when we update the bazel version.
Comment on lines
+16
to
+20
| if [ $? -ne 0 ]; then | ||
| echo "Warning: '${INSTALL_BASE}/linux-sandbox \"/bin/true\"' failed." | ||
| else | ||
| echo "Success: '${INSTALL_BASE}/linux-sandbox \"/bin/true\"' succeeded." | ||
| fi |
Contributor
There was a problem hiding this comment.
Return the exit code from the script to make the CI fail if this check fails.
Suggested change
| if [ $? -ne 0 ]; then | |
| echo "Warning: '${INSTALL_BASE}/linux-sandbox \"/bin/true\"' failed." | |
| else | |
| echo "Success: '${INSTALL_BASE}/linux-sandbox \"/bin/true\"' succeeded." | |
| fi | |
| EXIT_CODE=$? | |
| if [ $EXIT_CODE -ne 0 ]; then | |
| echo "Warning: '${INSTALL_BASE}/linux-sandbox \"/bin/true\"' failed." | |
| else | |
| echo "Success: '${INSTALL_BASE}/linux-sandbox \"/bin/true\"' succeeded." | |
| fi | |
| exit $EXIT_CODE |
bemerybmw
force-pushed
the
brem_add_setup
branch
from
db94056 to
e0cb337
Compare
LittleHuba
approved these changes
Mar 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.