Libertine

Merge lp:~townsend/libertine/fix-proot-seccomp into lp:libertine

  1. fix-proot-seccomp
  2. Merge into devel
Proposed by Christopher Townsend
Status: Merged
Approved by: Larry Price
Approved revision: 340
Merged at revision: 340
Proposed branch: lp:~townsend/libertine/fix-proot-seccomp
Merge into: lp:libertine
Diff against target: 24 lines (+3/-4)
1 file modified
python/libertine/ChrootContainer.py (+3/-4)
To merge this branch: bzr merge lp:~townsend/libertine/fix-proot-seccomp
Reviewer Review Type Date Requested Status
Larry Price Approve
Libertine CI Bot continuous-integration Approve
Review via email: mp+312193@code.launchpad.net

Commit message

Need to disable seccomp for running any proot command in a chroot container.

To post a comment you must log in.
Revision history for this message
Libertine CI Bot (libertine-ci-bot) wrote :

PASSED: Continuous integration, rev:340
https://jenkins.canonical.com/libertine/job/lp-libertine-ci/241/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/libertine/job/build/504
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=amd64,release=vivid+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=amd64,release=xenial+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=amd64,release=zesty,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=i386,release=vivid+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=i386,release=xenial+overlay,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/test-0-autopkgtest/label=i386,release=zesty,testname=default/397
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-0-fetch/514
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=vivid+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=vivid+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=xenial+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=xenial+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=zesty/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=amd64,release=zesty/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=vivid+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=vivid+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=xenial+overlay/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=xenial+overlay/498/artifact/output/*zip*/output.zip
    SUCCESS: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=zesty/498
        deb: https://jenkins.canonical.com/libertine/job/build-2-binpkg/arch=i386,release=zesty/498/artifact/output/*zip*/output.zip

Click here to trigger a rebuild:
https://jenkins.canonical.com/libertine/job/lp-libertine-ci/241/rebuild

review: Approve (continuous-integration)
Revision history for this message
Larry Price (larryprice) wrote :

snap city, here we come

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'python/libertine/ChrootContainer.py'
--- python/libertine/ChrootContainer.py 2016-11-29 15:36:17 +0000
+++ python/libertine/ChrootContainer.py 2016-11-30 19:20:54 +0000
@@ -51,6 +51,9 @@
51 super().__init__(container_id)51 super().__init__(container_id)
52 self.container_type = "chroot"52 self.container_type = "chroot"
53 self._window_manager = None53 self._window_manager = None
54 # FIXME: Disabling seccomp is a temporary measure until we fully understand why we need
55 # it or figure out when we need it.
56 environ['PROOT_NO_SECCOMP'] = '1'
54 os.environ['FAKECHROOT_CMD_SUBST'] = '$FAKECHROOT_CMD_SUBST:/usr/bin/chfn=/bin/true'57 os.environ['FAKECHROOT_CMD_SUBST'] = '$FAKECHROOT_CMD_SUBST:/usr/bin/chfn=/bin/true'
55 os.environ['DEBIAN_FRONTEND'] = 'noninteractive'58 os.environ['DEBIAN_FRONTEND'] = 'noninteractive'
5659
@@ -218,10 +221,6 @@
218 return proot_cmd221 return proot_cmd
219222
220 def start_application(self, app_exec_line, environ):223 def start_application(self, app_exec_line, environ):
221 # FIXME: Disabling seccomp is a temporary measure until we fully understand why we need
222 # it or figure out when we need it.
223 environ['PROOT_NO_SECCOMP'] = '1'
224
225 # Workaround issue where a custom dconf profile is on the machine224 # Workaround issue where a custom dconf profile is on the machine
226 if 'DCONF_PROFILE' in environ:225 if 'DCONF_PROFILE' in environ:
227 del environ['DCONF_PROFILE']226 del environ['DCONF_PROFILE']

Subscribers

People subscribed via source and target branches