veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

ci(bluebuild): --security-opt label=disable + seccomp=unconfined for files module

Browse source 
BlueBuild's files module fails with 'chmod: Operation not permitted' on
its own bind-mounted /tmp/modules/files/files.sh when run under podman.
Disable SELinux relabeling + seccomp filter on the bluebuild CLI
container so its nested buildah can chmod inside layer mounts.
This commit is contained in:
obsidian-ai 2026-05-06 21:08:59 +01:00
parent e6aa2d14a8
commit a06f54dd79
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/build-bluebuild.yml vendored
View file

@ -178,6 +178,8 @@ jobs:
podman run --rm \ podman run --rm \
--privileged \ --privileged \
--security-opt label=disable \
--security-opt seccomp=unconfined \
--entrypoint /usr/bin/bluebuild \ --entrypoint /usr/bin/bluebuild \
-v "$PWD:/work" \ -v "$PWD:/work" \
-v /var/lib/containers/storage:/var/lib/containers/storage \ -v /var/lib/containers/storage:/var/lib/containers/storage \