|
From: | Philippe Mathieu-Daudé |
Subject: | Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile |
Date: | Sat, 6 May 2017 13:33:56 -0300 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
Hi Fam, Alex, Paolo, On 05/05/2017 12:23 AM, Fam Zheng wrote:
Some by default blocked syscalls are required to run tests for example userfaultfd. Signed-off-by: Fam Zheng <address@hidden> --- tests/docker/Makefile.include | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index 0ed8c3d..09d157c 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -127,6 +127,7 @@ docker-run: docker-qemu-src $(call quiet-command, \ $(SRC_PATH)/tests/docker/docker.py run \ $(if $(NOUSER),,-u $(shell id -u)) -t \ + --security-opt seccomp=unconfined \
I think this should be an option in the matrix, and eventually run tests using userfaultfd() apart.
$(if $(UNCONFINED),,--security-opt seccomp=unconfined) I'm having the same problem with getcontext() using x32 ABI.
$(if $V,,--rm) \ $(if $(DEBUG),-i,--net=none) \ -e TARGET_LIST=$(TARGET_LIST) \
Regards, Phil.
[Prev in Thread] | Current Thread | [Next in Thread] |