author | Peter Smith <peter.smith@linaro.org> | 2018-07-03 10:13:26 +0100 |
---|---|---|
committer | Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> | 2018-07-19 17:19:24 +0000 |
commit | 22face7d18b4b200f13fda732de78d95a0345d24 (patch) | |
tree | bae11b9cf91c3c234dd389bb211a0b07c00a2a26 | |
parent | 1fce4a0efc6e3f35272537853bce7cb7892b3fad (diff) |
tcwg-dev run dev container with unconfined security policy
The sanitizer tests on AArch64 disable address space randomisation. This
results in an assertion failure as this is disabled on the container. By
using --security-opt seccomp=unconfined the sanitizer tests pass on
AArch64. This configuration option is already used for the buildbot
container.
Change-Id: I64c1659ed834a9a5cdc436a2c3077f6fb4b38d4a
-rwxr-xr-x | tcwg-base/tcwg-dev/start.sh | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tcwg-base/tcwg-dev/start.sh b/tcwg-base/tcwg-dev/start.sh index edcd8aca..b281d34b 100755 --- a/tcwg-base/tcwg-dev/start.sh +++ b/tcwg-base/tcwg-dev/start.sh @@ -103,7 +103,8 @@ esac memlimit=$(($(free -g | awk '/^Mem/ { print $2 }') / 2))G # IPC_LOCK is required for some implementations of ssh-agent (e.g., MATE's). # SYS_PTRACE is required for debugger work. -caps="--cap-add=IPC_LOCK --cap-add=SYS_PTRACE" +# seccomp=unconfined to allow disabling of ASLR for sanitizer regression tests. +caps="--cap-add=IPC_LOCK --cap-add=SYS_PTRACE --security-opt seccomp:unconfined" $DOCKER run --name=$name --hostname=$(hostname)-dev --restart=unless-stopped -dt -p 22 $mounts --memory=$memlimit --pids-limit=5000 $caps $image --user $user "$@" |
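Review bot: on the new `caps=` line, `--security-opt seccomp:unconfined` drops the whole seccomp filter from the dev container to permit the single operation the added comment names (disabling ASLR for the sanitizer regression tests), and it now sits alongside `--cap-add=SYS_PTRACE` on a container that publishes SSH with `-p 22`. A narrower change would be a custom profile passed as `--security-opt seccomp=<profile.json>` (placeholder path), based on Docker's default profile with the `personality` syscall additionally allowed for the no-randomisation flag, so the remaining default syscall filtering stays in force for interactive users. Two smaller points: the commit message writes `seccomp=unconfined` while the script uses the colon form `seccomp:unconfined`, and the `=` separator is the current Docker syntax, so the script should match it; and `caps` now carries an option that is not a capability, so either rename the variable or keep the seccomp option in its own variable with the comment next to it.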