diff options
| author | Colin Walters <walters@verbum.org> | 2022-01-13 09:50:19 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-13 09:50:19 -0500 |
| commit | 0095f7c472e237a10befeb02f300127f28880354 (patch) | |
| tree | b630e3cc9d0da96d8f39a12377880d30c982980e | |
| parent | 1af0150750fbedc780e8348c5927843824c65be0 (diff) | |
| parent | de1870df8cf6345be5f497d6a5129d5abc7398e5 (diff) | |
| download | ostree-0095f7c472e237a10befeb02f300127f28880354.tar.gz | |
Merge pull request #2517 from dbnicholson/ubuntu-seccomp
github: Workaround glib/seccomp issue on Ubuntu impish
| -rw-r--r-- | .github/workflows/tests.yml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5fd14bde..76b3967b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -22,6 +22,8 @@ jobs: # # image: The Docker image to use. # + # container-options: Additional Docker command line options. + # # pre-checkout-setup: Commands to run before the git repo checkout. # If git is not in the Docker image, it must be installed here. # Otherwise, the checkout action uses the GitHub REST API, which @@ -100,6 +102,21 @@ jobs: - name: Ubuntu Latest Release image: ubuntu:rolling + # FIXME: The ubuntu-latest VMs are currently based on 20.04 + # (focal). In focal, libseccomp2 doesn't know about the + # close_range syscall, but g_spawn_sync in impish tries to + # use close_range since it's defined in glibc. That causes + # libseccomp2 to return EPERM as it does for any unknown + # syscalls. g_spawn_sync carries on silently instead of + # falling back to other means of setting CLOEXEC on open + # FDs. Eventually it causes some tests to hang since once + # side of a pipe is never closed. Remove this when + # libseccomp2 in focal is updated or glib in impish handles + # the EPERM better. + # + # https://github.com/ostreedev/ostree/issues/2495 + # https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436 + container-options: --security-opt seccomp=unconfined pre-checkout-setup: | apt-get update apt-get install -y git @@ -108,6 +125,9 @@ jobs: runs-on: ubuntu-latest container: image: ${{ matrix.image }} + # An empty string isn't valid, so a dummy --label option is always + # added. + options: --label ostree ${{ matrix.container-options }} steps: - name: Pre-checkout setup |