Add clone3-workaround to bootstrapper build container

The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.

.github/actions/build_bootstrapper/action.yml

@@ -3,12 +3,12 @@ description: Build the Constellation bootstrapper binary
 
 inputs:
   outputPath:
-    description: 'Output path of the binary'
-    default: './bootstrapper'
+    description: "Output path of the binary"
+    default: "./bootstrapper"
     required: true
 
 runs:
-  using: 'composite'
+  using: "composite"
   steps:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6
@@ -16,7 +16,7 @@ runs:
     - name: Install Dependencies
       shell: bash
       run: sudo apt-get update && sudo apt-get -y install cmake make
-    
+
     - name: Build the bootstrapper
       shell: bash
       run: |

.github/workflows/e2e-test-azure-weekly.yml

@@ -14,7 +14,6 @@ jobs:
     runs-on: [self-hosted, edgserver]
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
-      options: --privileged
     steps:
       - name: Check out repository
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

.github/workflows/e2e-test-azure.yml

@@ -9,7 +9,6 @@ jobs:
     runs-on: [self-hosted, edgserver]
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
-      options: --privileged
     steps:
       - name: Check out repository
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
@@ -42,7 +41,6 @@ jobs:
     runs-on: [self-hosted, edgserver]
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
-      options: --privileged
     steps:
       - name: Check out repository
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

.github/workflows/e2e-test-gcp-weekly.yml

@@ -14,7 +14,6 @@ jobs:
     runs-on: [self-hosted, edgserver]
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
-      options: --privileged
     steps:
       - name: Check out repository
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

.github/workflows/e2e-test-gcp.yml

@@ -9,7 +9,6 @@ jobs:
     runs-on: [self-hosted, edgserver]
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
-      options: --privileged
     steps:
       - name: Check out repository
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
@@ -42,7 +41,6 @@ jobs:
     runs-on: [self-hosted, edgserver]
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
-      options: --privileged
     steps:
       - name: Check out repository
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

Dockerfile.build

@@ -1,5 +1,13 @@
 FROM fedora@sha256:36af84ba69e21c9ef86a0424a090674c433b2b80c2462e57503886f1d823abe8 as build
 
+# This workaround is necessary since glibc in versions >= 2.34 are incompatible with docker versions <= 20.10.9.
+# Since the host ubuntu is running docker 20.10.7, this incompatibility becomes a problem.
+# The workaround binary is a small go program that adds a missing seccomp filter to all programs invoked through the
+# container's shell. More explanations can be found in the clone3-workaround repo and the blogpost linked in the repo.
+ADD https://github.com/AkihiroSuda/clone3-workaround/releases/download/v1.0.0/clone3-workaround.x86_64 /clone3-workaround
+RUN chmod 100 /clone3-workaround
+SHELL ["/clone3-workaround", "/bin/sh", "-c"]
+
 RUN dnf -y update && \
     dnf -y install @development-tools pkg-config iproute iputils wget git jq openssl-devel cryptsetup-libs cryptsetup-devel && \
     dnf clean all