Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI broken (again) #4256

Closed
glitsj16 opened this issue May 7, 2021 · 4 comments
Closed

CI broken (again) #4256

glitsj16 opened this issue May 7, 2021 · 4 comments

Comments

@glitsj16
Copy link
Collaborator

glitsj16 commented May 7, 2021

Seeing several broken CI builds on the latest PR's.

For example: https://github.com/netblue30/firejail

/runs/2527146106?check_suite_focus=true#step:7:7731
make[1]: *** [Makefile:6: utils] Error 1
make[1]: Leaving directory '/home/runner/work/firejail/firejail/test'
make: *** [Makefile:246: test-utils] Error 2

@reinerh Can you make anything out of this? I hate to bother you with this but this CI stuff is beyond me and you seem to be the one who is best placed in this context. Feel free to report if I shouldn't bother you with similar issues in the future. TIA!
@reinerh
Copy link
Collaborator

reinerh commented May 7, 2021 

TESTING: build (test/utils/build.exp)
spawn /bin/bash
echo testing > ~/firejail-test-file-7699
runner@fv-az96-462:~/work/firejail/firejail/test/utils$ 
<est/utils$ echo testing > ~/firejail-test-file-7699    ����
runner@fv-az96-462:~/work/firejail/firejail/test/utils$ 
<ils$ firejail --build cat ~/firejail-test-file-7699    ����
testing
--- Built profile beings after this line ---
# Save this file as "application.profile" (change "application" with the
# program name) in ~/.config/firejail directory. Firejail will find it
# automatically every time you sandbox your application.
#
# Run "firejail application" to test it. In the file there are
# some other commands you can try. Enable them by removing the "#".

# Firejail profile for cat
# Persistent local customizations
#include cat.local
# Persistent global definitions
#include globals.local

### Basic Blacklisting ###
### Enable as many of them as you can! A very important one is
### "disable-exec.inc". This will make among other things your home
### and /tmp directories non-executable.
include disable-common.inc
#include disable-devel.inc
#include disable-exec.inc
#include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
#include disable-xdg.inc

### Home Directory Whitelisting ###
### If something goes wrong, this section is the first one to comment out.
### Instead, you'll have to relay on the basic blacklisting above.
whitelist ${HOME}/firejail-test-file-7699
include whitelist-common.inc

### The Rest of the Filesystem ###
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
private-bin cat,
private-dev
#nodvd
#noinput
#notv
#nou2f
#novideo
private-etc none
private-tmp

### Security Filters ###
#apparmor
caps.drop all
netfilter
#nogroups
#noroot
nonewprivs
net none
seccomp
# seccomp.keep openat,mmap,fstat,close,mprotect,read,write,munmap,access,brk,readlink,getpid,arch_prctl,lseek,fadvise64,pread64,execve
# 17 syscalls total
# Probably you will need to add more syscalls to seccomp.keep. Look for
# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while
# running your sandbox.
#shell none
#tracelog
runner@fv-az96-462:~/work/firejail/firejail/test/utils$ TESTING ERROR 2

build.exp test is failing, probably because of the --build related changes by @netblue30.
I guess the expected profile also needs to be adapted.

@reinerh
Copy link
Collaborator

reinerh commented May 7, 2021

I hate to bother you with this but this CI stuff is beyond me and you seem to be the one who is best placed in this context. Feel free to report if I shouldn't bother you with similar issues in the future. TIA!

No problem, you can keep "bothering" me. ;-)
I can try to fix the test later, if no one beats me to it.

@kmk3
Copy link
Collaborator

kmk3 commented May 8, 2021
edited
Loading

@reinerh commented 14 hours ago:

build.exp test is failing, probably because of the --build related
changes by @netblue30.

To add to that, for reference, the earliest failing "Build CI" run on
/actions appears to be this one:

Latest working "Build CI" run:

@kmk3
Copy link
Collaborator

kmk3 commented May 11, 2021

@reinerh closed this in c69836c 6 hours ago

Thanks. I was considering opening a PR to disable the test, but this is a much
better outcome.

For future reference, these are the PRs that appear to have been affected by
this issue:

This was referenced May 23, 2021
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@glitsj16 @reinerh @kmk3