[7.4] c3b25cfb3 Run docker without seccomp rules.
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Fri Jun 21 13:42:15 UTC 2024
commit c3b25cfb34db4c223b6fcb34e2ae49890b2b618a
Author: Simon Stridsberg <simon.stridsberg at varnish-software.com>
Date: Fri Mar 15 08:08:31 2024 +0100
Run docker without seccomp rules.
Ubuntu noble tries to use `fchmodat2` (new syscall) and gets permission denied instead of ENOSYS.
This is a small security risk, but it's running inside of CircleCI containers anyway, so I think it's acceptable.
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 3af5f35c5..e72147f5d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -186,6 +186,7 @@ jobs:
docker run \
--rm \
-it \
+ --security-opt seccomp=unconfined \
-e PARAM_DIST=$(echo "<< parameters.platform >>" | cut -d: -f1) \
-e PARAM_RELEASE=$(echo "<< parameters.platform >>" | cut -d: -f2) \
-v$(pwd):/varnish-cache \
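Review bot: The added `--security-opt seccomp=unconfined` line removes the whole syscall filter from this container to work around a single syscall, `fchmodat2`, named in the commit message. A narrower change would keep the filter and pass a custom profile with `--security-opt seccomp=<profile.json>` that is the default profile plus an entry for `fchmodat2`, so every other restriction stays in force while the build runs with the checkout mounted at `/varnish-cache`. The line also carries no comment in `config.yml`: a short note saying it exists because Ubuntu noble gets permission denied instead of ENOSYS for `fchmodat2` would tell a later reader when the option can be dropped again.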