Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-01-22 05:11:23 -05:00
Code Issues Packages Projects Releases Wiki Activity

ci: allow unrestricted user namespaces in image builds (#3587)

Browse Source 
Since Ubuntu 23.10, creating namespaces, e.g. via `unshare`, requires
privileges. Since `unshare` is used by `mkosi` in our image build
pipeline, we need to re-enable them explicitly here before building the
image, aligning with the behavior before Ubuntu 23.10.
This commit is contained in:
Moritz Sanft 2025-01-17 09:36:48 +01:00 committed by GitHub
parent 0272e7dd15
commit 6ba47d5634
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/build-os-image.yml vendored
View File

@ -167,6 +167,12 @@ jobs:
with: with:
clouds_yaml: ${{ secrets.STACKIT_IMAGE_UPLOAD_CLOUDS_YAML }} clouds_yaml: ${{ secrets.STACKIT_IMAGE_UPLOAD_CLOUDS_YAML }}
- name: Allow unrestricted user namespaces
shell: bash
run: |
sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_unconfined=0
sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_userns=0
- name: Build and upload - name: Build and upload
id: build id: build
shell: bash shell: bash