diff mbox series

[PULL,22/38] docker: Use unconfined security profile

Message ID	20170908095506.13594-23-famz@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 704304E4CA From: Fam Zheng <famz@redhat.com> To: qemu-devel@nongnu.org Date: Fri, 8 Sep 2017 17:54:50 +0800 Message-Id: <20170908095506.13594-23-famz@redhat.com> In-Reply-To: <20170908095506.13594-1-famz@redhat.com> References: <20170908095506.13594-1-famz@redhat.com> Subject: [Qemu-devel] [PULL 22/38] docker: Use unconfined security profile Precedence: list Cc: Peter Maydell <peter.maydell@linaro.org> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	[PULL,01/38] docker: ensure NOUSER for travis images \| expand [PULL,01/38] docker: ensure NOUSER for travis images [PULL,02/38] docker: docker.py make --no-cache skip checksum test [PULL,03/38] docker: don't install device-tree-compiler build-deps in travis.docker [PULL,04/38] docker: reduce noise when building travis.docker [PULL,05/38] docker: Update ubuntu image [PULL,06/38] docker: Enable features explicitly in test-full [PULL,07/38] tests/docker: Clean up paths [PULL,08/38] gitignore: Ignore vm test images [PULL,09/38] qemu.py: Add "wait()" method [PULL,10/38] scripts: Add archive-source.sh [PULL,11/38] tests: Add vm test lib [PULL,12/38] tests: Add ubuntu.i386 image [PULL,13/38] tests: Add FreeBSD image [PULL,14/38] tests: Add NetBSD image [PULL,15/38] tests: Add OpenBSD image [PULL,16/38] Makefile: Add rules to run vm tests [PULL,17/38] MAINTAINERS: Add tests/vm entry [PULL,18/38] tests: Add README for vm tests [PULL,19/38] docker: Use archive-source.py [PULL,20/38] docker: Fix return code of build_qemu() [PULL,21/38] docker: Add test_fail and prep_fail [PULL,22/38] docker: Use unconfined security profile [PULL,23/38] docker: Add nettle-devel to fedora image [PULL,24/38] docker: Add test-block [PULL,25/38] docker: Drop 'set -e' from run script [PULL,26/38] vl: Don't include vde header [PULL,27/38] buildsys: Move vde libs to per object [PULL,28/38] buildsys: Move gtk/vte cflags/libs to per object [PULL,29/38] buildsys: Move sdl cflags/libs to per object [PULL,30/38] buildsys: Move vnc cflags/libs to per object [PULL,31/38] buildsys: Move audio libs to per object [PULL,32/38] buildsys: Move curese cflags/libs to per object [PULL,33/38] buildsys: Move opengl cflags to per object [PULL,34/38] buildsys: Move libcacard cflags/libs to per object [PULL,35/38] buildsys: Move libusb cflags/libs to per object [PULL,36/38] buildsys: Move usb redir cflags/libs to per object [PULL,37/38] buildsys: Move brlapi libs to per object [PULL,38/38] buildsys: Move rdma libs to per object

Commit Message

Fam Zheng Sept. 8, 2017, 9:54 a.m. UTC

Some by default blocked syscalls are required to run tests for example
userfaultfd.

Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20170905025614.579-4-famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Based-on: 20170905021201.25684-1-famz@redhat.com
---
 tests/docker/Makefile.include | 1 +
 1 file changed, 1 insertion(+)

diff mbox series

Patch

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 4bb02b1bb5..0e4f159619 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -135,6 +135,7 @@  docker-run: docker-qemu-src
 	$(call quiet-command,						\
 		$(SRC_PATH)/tests/docker/docker.py run 			\
 			$(if $(NOUSER),,-u $(shell id -u)) -t 		\
+			--security-opt seccomp=unconfined		\
 			$(if $V,,--rm) 					\
 			$(if $(DEBUG),-i,)				\
 			$(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \