q3k
commented
4 months ago This is semantically difficult: we can't really access the bazel run environment from bazel test without breaking a bunch of sandbox/containment rules.
This comes back to the discussion of the existence of the sandbox root as is. Arguably, the correct solution would be to always bring in our dependencies (like qemu, which we already do!, we just forgot to use it here), get rid of the sandbox root, and at first rely again on linking against host (ie. Nix) dependencies, then actually solve the toolchain problem and build static binaries. The existence of the sandbox root during builds but its non-existence during run is painful.
Avoid future occurrences of https://github.com/monogon-dev/monogon/issues/306 and similar targets which are important for developer productivity and/or are user- or customer-facing.