Permissioned docker (--cap-add SYS_ADMIN) to run wine #654
Comments
Sanitizers work, so it seems that For reference, the
https://cirrus-ci.com/task/6559175952039936?command=ci#L3810 |
@MarcoFalke what is |
Our software is cross compiled from Linux to Windows, and to test the binaries on the OS that compiled them, we statically link all libraries into the exe file and use https://packages.debian.org/bullseye/wine64 to translate the Windows API to the POSIX API. When running our ci scripts locally (or on Travis), we start the docker container with the SYS_ADMIN permissions ( https://github.com/bitcoin/bitcoin/blob/007e15dcd7f8b42501e31cc36343655c53027077/ci/test/04_install.sh#L30 ). Though, this is not possible on Cirrus CI, as the docker container is started by the Cirrus CI engine and not the ci script. |
I wonder if there is a need for customization of the docker capabilities then or just enabling |
Maybe Cirrus can just add |
Decided to go with |
Is there a badge available in the web view to see if a container is privileged? It doesn't seem to work for me here |
I believe that cirrus ci uses docker containers, when a container like
container: ubuntu:focal
is specified. It would be useful if the container was started with additional permissions like:
--cap-add SYS_ADMIN
to run wine
--cap-add SYS_PTRACE
to run sanitizers. See e.g. LeakSanitizer has encountered a fatal error google/sanitizers#764 (comment)
I tried setting
kvm: true
to see if this has any effect, but it doesn't appear so. Is kvm not available on the community cluster? https://cirrus-ci.org/guide/linux/#kvm-enabled-privileged-containers
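
One way to check from inside a CI container whether the capabilities requested above were actually granted, as an added example that is not part of the original issue or of the project's CI scripts: it decodes the CapEff mask from /proc/self/status. The function names are hypothetical; the bit numbers 21 (CAP_SYS_ADMIN) and 19 (CAP_SYS_PTRACE) are from linux/capability.h.

```shell
#!/bin/sh
# Added example: report whether the current process holds the capabilities
# that `--cap-add SYS_ADMIN` and `--cap-add SYS_PTRACE` would grant.
# Bit numbers as defined in linux/capability.h.
CAP_SYS_PTRACE=19
CAP_SYS_ADMIN=21

# has_cap MASK_HEX BIT: exit status 0 if BIT is set in the hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff [STATUS_FILE]: print the effective capability mask (hex).
# Defaults to the status file of the calling shell itself.
cap_eff() {
    while read -r key val; do
        if [ "$key" = "CapEff:" ]; then
            echo "$val"
            return 0
        fi
    done < "${1:-/proc/self/status}"
    return 1
}

# report MASK_HEX: print one line per capability of interest.
report() {
    for pair in "SYS_ADMIN:$CAP_SYS_ADMIN" "SYS_PTRACE:$CAP_SYS_PTRACE"; do
        name=${pair%%:*}
        bit=${pair##*:}
        if has_cap "$1" "$bit"; then
            echo "CAP_$name present"
        else
            echo "CAP_$name missing"
        fi
    done
}

# Run against the current process when procfs is available.
mask=$(cap_eff 2>/dev/null || true)
if [ -n "$mask" ]; then
    report "$mask"
fi
```

A CI step that depends on wine or a sanitizer can call `has_cap "$(cap_eff)" "$CAP_SYS_ADMIN"` first and fail early with a clear message instead of a late runtime error.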