Allow sandboxed macOS actions to run /bin/ps

Fixes #7448 On Apple Silicon (maybe not exclusively) using rules_foreign_cc without this you end up seeing many `/bin/ps` failures when configure scripts are running. Closes #13727. PiperOrigin-RevId: 388765944
bazelbuild · Aug 4, 2021 · 652d1cc · 652d1cc
1 parent 6db5f93
commit 652d1cc
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DarwinSandboxedSpawnRunner.java
@@ -340,6 +340,7 @@ private void writeConfig(
       out.println("(version 1)");
       out.println("(debug deny)");
       out.println("(allow default)");
+      out.println("(allow process-exec (with no-sandbox) (literal \"/bin/ps\"))");
 
       if (!allowNetwork) {
         out.println("(deny network*)");