diff options
author | Christophe Lyon <christophe.lyon@linaro.org> | 2017-02-13 14:01:34 +0000 |
---|---|---|
committer | Christophe Lyon <christophe.lyon@linaro.org> | 2017-02-13 15:33:10 +0000 |
commit | 7fef9983c489a2fc8dd354f61bfb672748511c60 (patch) | |
tree | 798a5c4fa1c7f47007f0228e95b4adfa3abf6566 | |
parent | b139d2cc931efb5c2699e2d46ce2ba044f8fd4e6 (diff) |
start-container-docker.sh: Use --security-opt seccomp:unconfined
This docker flag reduces security, but is currently needed because
GCC's libgo configure has a test that aborts otherwise.
See test 'whether setcontext clobbers TLS variables'.
Do this on i386 only, since the problem appeared only on this arch.
Change-Id: I9b01df3cc6e407923d2adc509f6f15055f12d920
-rwxr-xr-x | start-container-docker.sh | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/start-container-docker.sh b/start-container-docker.sh index dd609951..e9e988f5 100755 --- a/start-container-docker.sh +++ b/start-container-docker.sh @@ -109,9 +109,17 @@ esac DOCKER="docker -H $session_host:2375" $DOCKER pull $image +SECURITY= +case ${container_arch} in + i386) + SECURITY="--security-opt seccomp:unconfined" + ;; +esac + session_id=$($DOCKER run --name $session_name -dtP \ -v $HOME/snapshots-ref:$HOME/snapshots-ref:ro \ -v $WORKSPACE:$WORKSPACE \ + ${SECURITY} \ --memory=7500M --pids-limit=5000 \ $image) |