[6.0] 31c4e87e3 Run docker without seccomp rules.

Dridi Boukelmoune dridi.boukelmoune at gmail.com
Fri Jun 21 13:43:11 UTC 2024


commit 31c4e87e356aa47f2259217486327bb993cc6038
Author: Simon Stridsberg <simon.stridsberg at varnish-software.com>
Date:   Fri Mar 15 08:08:31 2024 +0100

    Run docker without seccomp rules.
    
    Ubuntu noble tries to use `fchmodat2` (new syscall) and gets permission denied instead of ENOSYS.
    
    This is a small security risk but it's running inside of CircleCI containers anyway so I think it's acceptable.

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 088c2aca5..a9b6c5cc4 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -185,6 +185,7 @@ jobs:
             docker run \
               --rm \
               -it \
+              --security-opt seccomp=unconfined \
               -e PARAM_DIST=$(echo "<< parameters.platform >>" | cut -d: -f1) \
               -e PARAM_RELEASE=$(echo "<< parameters.platform >>" | cut -d: -f2) \
               -v$(pwd):/varnish-cache \
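Review bot: The added `--security-opt seccomp=unconfined` line turns off syscall filtering for every value of `<< parameters.platform >>`, while the commit message names only Ubuntu noble and the single syscall `fchmodat2` as the problem. A narrower fix would keep the filter and pass a custom profile with `--security-opt seccomp=<profile.json>` that allows `fchmodat2` (or returns ENOSYS for it), or apply the unconfined option only when the platform is noble. The container also bind-mounts the checkout with `-v$(pwd):/varnish-cache`, so the unfiltered process has write access to the build tree. A short comment next to the flag in config.yml stating the reason and the condition for removing it would help, since the workaround is otherwise likely to outlive the runtime issue it addresses.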

