Skip to content

Commit

Permalink
workflow: use podman build with unconfined seccomp
Browse files Browse the repository at this point in the history 
The `chmod` in Fedora 41 uses `fchmodat2`. This is allowed in the
default seccomp from containers/common vendored in e.g. podman v5+, but
here we're running on ubuntu-latest which right now is 22.04, which has
an ancient podman (v3.4.4). Even 24.04 is still on v4.

Anyway, no point in trying to lock this down here, so just run
unconfined.
  • Loading branch information
@jlebon
jlebon committed Nov 30, 2024
1 parent b3fab24 commit 2266ca5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
run: |
set -xeuo pipefail
n=${{ matrix.releasever }}
podman build --from $FEDORA_TOOLBOX:$n -t "${{ env.QUAY_BASE }}:f$n" .
podman build --security-opt=seccomp=unconfined --from $FEDORA_TOOLBOX:$n -t "${{ env.QUAY_BASE }}:f$n" .
- name: Push
run: |
set -xeuo pipefail
Expand Down

0 comments on commit 2266ca5

Please sign in to comment.