start-container-docker.sh: Use --security-opt seccomp:unconfined

This docker flag reduces security, but is currently needed because GCC's libgo configure has a test that aborts otherwise. See test 'whether setcontext clobbers TLS variables'. Do this on i386 only, since the problem appeared only on this arch. Change-Id: I9b01df3cc6e407923d2adc509f6f15055f12d920
author: Christophe Lyon <christophe.lyon@linaro.org> 2017-02-13 14:01:34 +0000
committer: Christophe Lyon <christophe.lyon@linaro.org> 2017-02-13 15:33:10 +0000
commit: 7fef9983c489a2fc8dd354f61bfb672748511c60 (patch)
tree: 798a5c4fa1c7f47007f0228e95b4adfa3abf6566
parent: b139d2cc931efb5c2699e2d46ce2ba044f8fd4e6 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/start-container-docker.sh b/start-container-docker.sh
index dd609951..e9e988f5 100755
--- a/start-container-docker.sh
+++ b/start-container-docker.sh
@@ -109,9 +109,17 @@ esac
 DOCKER="docker -H $session_host:2375"
 $DOCKER pull $image
 
+SECURITY=
+case ${container_arch} in
+    i386)
+	SECURITY="--security-opt seccomp:unconfined"
+	;;
+esac
+
 session_id=$($DOCKER run --name $session_name -dtP \
 		 -v $HOME/snapshots-ref:$HOME/snapshots-ref:ro \
 		 -v $WORKSPACE:$WORKSPACE \
+		 ${SECURITY} \
 		 --memory=7500M --pids-limit=5000 \
 		 $image)
author	Christophe Lyon <christophe.lyon@linaro.org>	2017-02-13 14:01:34 +0000
committer	Christophe Lyon <christophe.lyon@linaro.org>	2017-02-13 15:33:10 +0000
commit	7fef9983c489a2fc8dd354f61bfb672748511c60 (patch)
tree	798a5c4fa1c7f47007f0228e95b4adfa3abf6566
parent	b139d2cc931efb5c2699e2d46ce2ba044f8fd4e6 (diff)