[Skiboot] [PATCH 10/15] travis: Disable seccomp on child containers
Oliver O'Halloran
oohall at gmail.com
Fri Jun 12 12:24:47 AEST 2020
We've been hitting the following issue with valgrind breaking when run
inside a Fedora 32 container:
[ BOOT TEST ] ccan/check_type/test/run
valgrind: ccan/check_type/test/run: Operation not permitted
make: *** [/build/ccan/Makefile.check:24:
ccan/check_type/test/run-check] Error 126
make: *** Waiting for unfinished jobs....
This seems to be a result of the default seccomp profile blocking system
calls that valgrind wants to use to inspect the process being debugged
(i.e. ptrace). Fix this by using the unrestricted seccomp profile and
giving the container the ptrace capability.
Travis uses ephemereal VMs for each job so this isn't any kind of
security issue.
Signed-off-by: Oliver O'Halloran <oohall at gmail.com>
---
.travis.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.travis.yml b/.travis.yml
index 17061913feb5..860d204d0465 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -39,6 +39,7 @@ install:
script:
- >
docker run
+ --security-opt seccomp=unconfined
--volume $HOME/.ccache:/root/.ccache
--volume `pwd`:/build
--volume `pwd`/ci_build_cache/${RUN_ON_CONTAINER}:/root/ci_build_cache/
--
2.26.2
More information about the Skiboot
mailing list