internal/pkg: allow devel syscalls
All checks were successful
Test / Create distribution (push) Successful in 1m0s
Test / Sandbox (push) Successful in 2m47s
Test / Hakurei (push) Successful in 4m0s
Test / ShareFS (push) Successful in 4m1s
Test / Hpkg (push) Successful in 4m30s
Test / Sandbox (race detector) (push) Successful in 5m9s
Test / Hakurei (race detector) (push) Successful in 6m12s
Test / Flake checks (push) Successful in 1m58s
All checks were successful
Test / Create distribution (push) Successful in 1m0s
Test / Sandbox (push) Successful in 2m47s
Test / Hakurei (push) Successful in 4m0s
Test / ShareFS (push) Successful in 4m1s
Test / Hpkg (push) Successful in 4m30s
Test / Sandbox (race detector) (push) Successful in 5m9s
Test / Hakurei (race detector) (push) Successful in 6m12s
Test / Flake checks (push) Successful in 1m58s
This is required by the GLib test suite, and possibly others. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -388,7 +388,8 @@ func (a *execArtifact) cure(f *FContext, hostNet bool) (err error) {
|
|||||||
|
|
||||||
z := container.New(ctx, f.GetMessage())
|
z := container.New(ctx, f.GetMessage())
|
||||||
z.WaitDelay = execWaitDelay
|
z.WaitDelay = execWaitDelay
|
||||||
z.SeccompPresets |= std.PresetStrict & ^std.PresetDenyNS
|
z.SeccompPresets |= std.PresetStrict &
|
||||||
|
^(std.PresetDenyNS | std.PresetDenyDevel)
|
||||||
z.SeccompFlags |= seccomp.AllowMultiarch
|
z.SeccompFlags |= seccomp.AllowMultiarch
|
||||||
z.ParentPerm = 0700
|
z.ParentPerm = 0700
|
||||||
z.HostNet = hostNet
|
z.HostNet = hostNet
|
||||||
|
|||||||
Reference in New Issue
Block a user