Libertine

Merge lp:~townsend/libertine/fix-proot-seccomp into lp:libertine

  1. fix-proot-seccomp
  2. Merge into devel
Proposed by Christopher Townsend
Status: Merged
Approved by: Larry Price
Approved revision: 340
Merged at revision: 340
Proposed branch: lp:~townsend/libertine/fix-proot-seccomp
Merge into: lp:libertine
Diff against target: 24 lines (+3/-4)
1 file modified
python/libertine/ChrootContainer.py (+3/-4)
To merge this branch: bzr merge lp:~townsend/libertine/fix-proot-seccomp
Reviewer Review Type Date Requested Status
Larry Price Approve
Libertine CI Bot continuous-integration Approve
Review via email: mp+312193@code.launchpad.net

Commit message

Need to disable seccomp for running any proot command in a chroot container.

To post a comment you must log in.
Revision history for this message
Libertine CI Bot (libertine-ci-bot) wrote :

PASSED: Continuous integration, rev:340
https://jenkins.canonical.com/libertine/job/lp-libertine-ci/241/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/libertine/job/build/504
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=amd64,release=vivid+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=amd64,release=xenial+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=amd64,release=zesty,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=i386,release=vivid+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=i386,release=xenial+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=i386,release=zesty,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-0-fetch/514
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=vivid+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=vivid+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=xenial+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=xenial+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=zesty/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=zesty/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=vivid+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=vivid+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=xenial+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=xenial+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=zesty/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=zesty/498/artifact/output/*zip*/output.zip

Click here to trigger a rebuild:
https://jenkins.canonical.com/libertine/job/lp-libertine-ci/241/rebuild

review: Approve (continuous-integration)
Revision history for this message
Larry Price (larryprice) wrote :

snap city, here we come

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'python/libertine/ChrootContainer.py'
2--- python/libertine/ChrootContainer.py 2016-11-29 15:36:17 +0000
3+++ python/libertine/ChrootContainer.py 2016-11-30 19:20:54 +0000
4@@ -51,6 +51,9 @@
5 super().__init__(container_id)
6 self.container_type = "chroot"
7 self._window_manager = None
8+ # FIXME: Disabling seccomp is a temporary measure until we fully understand why we need
9+ # it or figure out when we need it.
10+ environ['PROOT_NO_SECCOMP'] = '1'
11 os.environ['FAKECHROOT_CMD_SUBST'] = '$FAKECHROOT_CMD_SUBST:/usr/bin/chfn=/bin/true'
12 os.environ['DEBIAN_FRONTEND'] = 'noninteractive'
13
14@@ -218,10 +221,6 @@
15 return proot_cmd
16
17 def start_application(self, app_exec_line, environ):
18- # FIXME: Disabling seccomp is a temporary measure until we fully understand why we need
19- # it or figure out when we need it.
20- environ['PROOT_NO_SECCOMP'] = '1'
21-
22 # Workaround issue where a custom dconf profile is on the machine
23 if 'DCONF_PROFILE' in environ:
24 del environ['DCONF_PROFILE']

Subscribers

People subscribed via source and target branches