gitlab: use custom docker:dind image

[libvirt PATCH] gitlab: use custom docker:dind image

Daniel P. Berrangé posted 1 patch 2 years, 9 months ago

Download mbox

Test syntax-check failed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210729103630.3056881-1-berrange@redhat.com

.gitlab-ci.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Expand all Fold all

[libvirt PATCH] gitlab: use custom docker:dind image

Posted by Daniel P. Berrangé 2 years, 9 months ago

The current docker:dind container has broken default seccomp filter that
results in clone3 being blocked, which in turn breaks Fedora 35 rawhide.

This custom image has a workaround that causes the seccomp filter to
return ENOSYS for clone3 instad of EPERM, thus triggering glibc to
fallback to clone correctly.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitlab-ci.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 344ecdf3ba..d1609c260d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,7 +21,8 @@ stages:
   stage: containers
   needs: []
   services:
-    - docker:dind
+    - name: registry.gitlab.com/libvirt/libvirt-ci/docker-dind:master
+      alias: docker
   rules:
     - if: "$TEMPORARILY_DISABLED"
       allow_failure: true
-- 
2.31.1

Re: [libvirt PATCH] gitlab: use custom docker:dind image

Posted by Erik Skultety 2 years, 9 months ago

On Thu, Jul 29, 2021 at 11:36:30AM +0100, Daniel P. Berrangé wrote:
> The current docker:dind container has broken default seccomp filter that
> results in clone3 being blocked, which in turn breaks Fedora 35 rawhide.
> 
> This custom image has a workaround that causes the seccomp filter to
> return ENOSYS for clone3 instad of EPERM, thus triggering glibc to
> fallback to clone correctly.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
Reviewed-by: Erik Skultety <eskultet@redhat>