Bazel: windows: support sandboxing [blocking #5640]

I'm sure you're aware, but Windows has something called the Host Compute Service which is used to implement containers for things like Docker.

This blog post has the high level picture and they link to wrappers+sample code for C# and Go (which looks more complete and is what Docker actually uses.)

Maybe something from there would be useful?

I wasn't aware, thanks for the info! Could be useful indeed. Though supporting the Docker-based sandbox strategy on Windows may be more convenient than implementing native sandboxing.

Cool! Makes sense.

FYI: https://github.com/Microsoft/BuildXL has an implementation of Windows Sandboxing

@ilya-klyuchnikov -- Thanks for the heads-up! Very interesting, I'll take a look and try to build it.

@laszlocsomor could you please add a priority to this issue?

Setting priority to p3 -- I don't expect much focus on this before Bazel 1.0 (though this is not ruled out either).

@rongjiecomputer is working on this feature \o/

I wonder if you looked at FUSE implementations for Windows, such as https://dokan-dev.github.io/ or http://www.secfs.net/winfsp/ ? As Bazel already makes use of sandboxfs for Linux and Mac it may be beneficial to utilize as similar tech as possible on Windows.

@laszlocsomor @rongjiecomputer What's the status of this? Is the current progress documented somewhere?

@aherrmann : @rongjiecomputer implemented experimental sandbox support as part of Google Summer of Code 2019 (GSoC).

All about the project is in a public Google doc: https://docs.google.com/document/d/1dbF5cGYJouGF5zd0GDE-rbUvkKvH36DnNdtEvE4yV6w/edit

The Bazel team does not maintain this feature. We currently have no plans to work on it either.