Re: Changes to GitLab runners configuration
On Sat, Mar 21, 2020 at 1:21 pm, Christian Hergert wrote: Those words sound incompatible to me in the same way that if you have access to Linux's perf, you can sniff pretty much any data you want on the system. We're talking about CI runners... we only need privileged access inside the container running our CI, not outside it. Yes? ___ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list
Re: Changes to GitLab runners configuration
On 3/21/20 12:09 PM, Philip Chimento via desktop-devel-list wrote: > > I'd really appreciate if we could find a way to have the unprivileged > runners have CAP_SYS_PTRACE added to them. Those words sound incompatible to me in the same way that if you have access to Linux's perf, you can sniff pretty much any data you want on the system. -- Christian ___ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list
Re: Changes to GitLab runners configuration
On Sat, Mar 21, 2020 at 6:47 AM Michael Catanzaro wrote: > On Fri, Mar 20, 2020 at 8:20 pm, philip.chime...@gmail.com wrote: > > Has anyone managed to get lsan/asan to work without CAP_SYS_PTRACE > > yet or otherwise have any suggestions on what would need to be done > > to support it in an unprivileged setup? > > I marked my CI as privileged: > That I've also done, but it's not a good solution since the job still won't work on contributors' forks. I guess it's a slight improvement that contributors will now have their merge requests timeout instead of fail outright: https://gitlab.gnome.org/ptomato/gjs/-/commit/5621258ec5f81a3c389b49148faafc7c9f5c454f/pipelines?ref=tag-lsan-jobs But it's still confusing to contributors and it still means that I have to merge everything manually. I'd really appreciate if we could find a way to have the unprivileged runners have CAP_SYS_PTRACE added to them. Cheers, -- Philip C ___ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list
Re: Changes to GitLab runners configuration
On Fri, Mar 20, 2020 at 8:20 pm, philip.chime...@gmail.com wrote: Has anyone managed to get lsan/asan to work without CAP_SYS_PTRACE yet or otherwise have any suggestions on what would need to be done to support it in an unprivileged setup? I marked my CI as privileged: https://gitlab.gnome.org/GNOME/glib-networking/-/commit/0a7b0d3b112e3d14f238c0179166a74b48e44dfc ___ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list