add seccomp=unconfined

2024-09-19 16:20:50 +00:00 · 2024-02-25 23:49:25 +01:00 · 2024-02-25 23:49:25 +01:00 · dc135294f0
commit dc135294f0
parent 3c5d6c4df0
6 changed files with 7 additions and 1 deletions
--- a/tests/ci/clickbench.py
+++ b/tests/ci/clickbench.py
@ -42,6 +42,7 @@ def get_run_command(
        f"{ci_logs_args}"
        f"--volume={result_path}:/test_output "
        f"--volume={server_log_path}:/var/log/clickhouse-server "
+        "--security-opt seccomp=unconfined "  # required to issue io_uring sys-calls
        f"--cap-add=SYS_PTRACE {env_str} {image}"
    )

--- a/tests/ci/fast_test_check.py
+++ b/tests/ci/fast_test_check.py
@ -37,9 +37,10 @@ def get_fasttest_cmd(
 ) -> str:
    return (
        f"docker run --cap-add=SYS_PTRACE --user={os.geteuid()}:{os.getegid()} "
+        "--security-opt seccomp=unconfined "  # required to issue io_uring sys-calls
        "--network=host "  # required to get access to IAM credentials
        f"-e FASTTEST_WORKSPACE=/fasttest-workspace -e FASTTEST_OUTPUT=/test_output "
-        f"-e FASTTEST_SOURCE=/ClickHouse --cap-add=SYS_PTRACE "
+        f"-e FASTTEST_SOURCE=/ClickHouse "
        f"-e FASTTEST_CMAKE_FLAGS='-DCOMPILER_CACHE=sccache' "
        f"-e PULL_REQUEST_NUMBER={pr_number} -e COMMIT_SHA={commit_sha} "
        f"-e COPY_CLICKHOUSE_BINARY_TO_OUTPUT=1 "
--- a/tests/ci/functional_test_check.py
+++ b/tests/ci/functional_test_check.py
@ -107,6 +107,7 @@ def get_run_command(
        f"{volume_with_broken_test}"
        f"--volume={result_path}:/test_output "
        f"--volume={server_log_path}:/var/log/clickhouse-server "
+        "--security-opt seccomp=unconfined "  # required to issue io_uring sys-calls
        f"--cap-add=SYS_PTRACE {env_str} {additional_options_str} {image}"
    )

--- a/tests/ci/libfuzzer_test_check.py
+++ b/tests/ci/libfuzzer_test_check.py
@ -81,6 +81,7 @@ def get_run_command(
        f"--volume={fuzzers_path}:/fuzzers "
        f"--volume={repo_path}/tests:/usr/share/clickhouse-test "
        f"--volume={result_path}:/test_output "
+        "--security-opt seccomp=unconfined "  # required to issue io_uring sys-calls
        f"--cap-add=SYS_PTRACE {env_str} {additional_options_str} {image}"
    )

--- a/tests/ci/sqllogic_test.py
+++ b/tests/ci/sqllogic_test.py
@ -42,6 +42,7 @@ def get_run_command(
        f"--volume={repo_tests_path}:/clickhouse-tests "
        f"--volume={result_path}:/test_output "
        f"--volume={server_log_path}:/var/log/clickhouse-server "
+        "--security-opt seccomp=unconfined "  # required to issue io_uring sys-calls
        f"--cap-add=SYS_PTRACE {image}"
    )

--- a/tests/ci/unit_tests_check.py
+++ b/tests/ci/unit_tests_check.py
@ -176,6 +176,7 @@ def main():

    run_command = (
        f"docker run --cap-add=SYS_PTRACE --volume={tests_binary}:/unit_tests_dbms "
+        "--security-opt seccomp=unconfined "  # required to issue io_uring sys-calls
        f"--volume={test_output}:/test_output {docker_image}"
    )