Skip to content

Commit

Permalink
cmd/rundockerbuildlet: set --security-opt=seccomp=unconfined in conta…
Browse files Browse the repository at this point in the history 
…iners

This fixes race tests; the thread sanitizer needs to check its
personality, which seccomp defaults prevent apparently.

Updates golang/go#35547 (needs to be deployed first, then bug can be closed)

Change-Id: I8b87618f63ef2b7a75b72290098c09bf04298d86
Reviewed-on: https://go-review.googlesource.com/c/build/+/214919
Reviewed-by: Alexander Rakoczy <[email protected]>
Run-TryBot: Alexander Rakoczy <[email protected]>
TryBot-Result: Gobot Gobot <[email protected]>
  • Loading branch information
@bradfitz @toothrot
bradfitz authored and toothrot committed Jan 15, 2020
1 parent 52f8f67 commit 5946879
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions cmd/rundockerbuildlet/rundockerbuildlet.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,7 @@ func checkFix() error {
"--name="+name,
"-v", filepath.Dir(keyFile)+":/buildkey/",
"-e", "HOSTNAME="+name,
"--security-opt=seccomp=unconfined", // Issue 35547
"--tmpfs=/workdir:rw,exec")
if *memory != "" {
cmd.Args = append(cmd.Args, "--memory="+*memory)
Expand Down

0 comments on commit 5946879

Please sign in to comment.