ci(bluebuild): --security-opt label=disable + seccomp=unconfined for files module
Some checks failed
Build veilor-os OCI (BlueBuild) / Build + push OCI (push) Failing after 2h55m9s
Some checks failed
Build veilor-os OCI (BlueBuild) / Build + push OCI (push) Failing after 2h55m9s
BlueBuild's files module fails with 'chmod: Operation not permitted' on its own bind-mounted /tmp/modules/files/files.sh when run under podman. Disable SELinux relabeling + seccomp filter on the bluebuild CLI container so its nested buildah can chmod inside layer mounts. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
claude-veilor-bot
parent
77aa6a7287
commit
cf27f80cd9
1 changed files with 2 additions and 0 deletions
2
.github/workflows/build-bluebuild.yml
vendored
2
.github/workflows/build-bluebuild.yml
vendored
|
|
@ -178,6 +178,8 @@ jobs:
|
|||
|
||||
podman run --rm \
|
||||
--privileged \
|
||||
--security-opt label=disable \
|
||||
--security-opt seccomp=unconfined \
|
||||
--entrypoint /usr/bin/bluebuild \
|
||||
-v "$PWD:/work" \
|
||||
-v /var/lib/containers/storage:/var/lib/containers/storage \
|
||||
|
|
|
|||
Loading…
Reference in a new issue