[Skiboot] [PATCH 10/15] travis: Disable seccomp on child containers

Oliver O'Halloran oohall at gmail.com
Fri Jun 12 12:24:47 AEST 2020

We've been hitting the following issue with valgrind breaking when run
inside a Fedora 32 container:

	        [ BOOT TEST ]  ccan/check_type/test/run
	valgrind: ccan/check_type/test/run: Operation not permitted
	make: *** [/build/ccan/Makefile.check:24:
	ccan/check_type/test/run-check] Error 126
	make: *** Waiting for unfinished jobs....

This seems to be a result of the default seccomp profile blocking system
calls that valgrind wants to use to inspect the process being debugged
(i.e. ptrace). Fix this by using the unrestricted seccomp profile and
giving the container the ptrace capability.

Travis uses ephemereal VMs for each job so this isn't any kind of
security issue.

Signed-off-by: Oliver O'Halloran <oohall at gmail.com>
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index 17061913feb5..860d204d0465 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -39,6 +39,7 @@ install:
     - >
       docker run
+      --security-opt seccomp=unconfined
       --volume $HOME/.ccache:/root/.ccache
       --volume `pwd`:/build
       --volume `pwd`/ci_build_cache/${RUN_ON_CONTAINER}:/root/ci_build_cache/

More information about the Skiboot mailing list