Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ASLR disable failed: EPERM: Operation not permitted #406

Closed
TriplEight opened this issue Apr 28, 2020 · 15 comments
Closed

ASLR disable failed: EPERM: Operation not permitted #406

TriplEight opened this issue Apr 28, 2020 · 15 comments

Comments

@TriplEight
Copy link
Contributor

Exactly the same as in #146, getting this error in GitLab's docker runner.
Is there a way to get the report in docker without lowering the security?

@xd009642
Copy link
Owner

Nope, it uses ptrace for trace instrumentation which due to it's nature needs the security lowering to allow it

@TriplEight
Copy link
Contributor Author

and no way to avoid it with say, --no-run and then generate reports based on artefacts in CARGO-TARGET-DIR, which can be out of the container?

@xd009642
Copy link
Owner

well if you don't run the tests you can't collect coverage on them... I suppose you could do no-run then copy the entire target directory out and tarpaulin might not have to rebuild the tests before running them. I haven't tried that, it's not really a "normal" workflow

@TriplEight
Copy link
Contributor Author

currently tarpaulin works better for me than grcov. But I can't afford lowering security due to the open pipelines we have, so unfortunately will have to stick with the latter.

@xd009642
Copy link
Owner

If you could use your CI without docker that might be an alternative option, but yeah unfortunately with docker there's no way without lowering the security policy

@TriplEight
Copy link
Contributor Author

TriplEight commented Apr 29, 2020

There should be something else.
I'm trying to run in local docker and during the tests execution got some

/builds/target/debug/deps/<some dependency>: error while loading shared libraries: libtest-982f95e7e2b65d75.so: cannot open shared object file: No such file or directory

And

[DEBUG tarpaulin] Instrumentation address clash, ignoring 0x4962f0

And Error: "Test failed during run" in the end.

The command to run docker: docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulin
and inside:

git clone https://github.com/paritytech/ink .
docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulin

@TriplEight
Copy link
Contributor Author

OK, this is weird, but +nightly saved my day, despite I have

# rustup default
nightly-2020-04-07-x86_64-unknown-linux-gnu (default)

@xd009642
Copy link
Owner

hmm that might be solved by a new PR that was merged on develop otherwise I'm not really sure. Also I'm not fully sure what is in your tarpaulin tagged image anyway so couldn't be much help in that respect.

@TriplEight
Copy link
Contributor Author

I just wanted to provide you with a way to reproduce.

Also I'm not fully sure what is in your tarpaulin tagged image

Here it is: https://github.com/paritytech/scripts/blob/tarpaulin/dockerfiles/ink-ci-linux/Dockerfile

@TriplEight
Copy link
Contributor Author

TriplEight commented May 7, 2020

I was researching a bit further and found that docker actually allows ptrace on default seccomp profile since v19.03.8, on 4.8+ kernels.
But couldn't make tarpaulin work with this. The error is still the same.

Also tried podman and no luck so far.
cc #146

@xd009642
Copy link
Owner

xd009642 commented May 8, 2020

Ah so I was a bit imprecise in my wording. For ptrace to work I need to disable ASLR using the personality system call. As ASLR is a security measure implemented in the kernel that's what specifically needs the lowering

@TriplEight
Copy link
Contributor Author

Thanks for the clarification. Then it can't be helped without altering the host or the way containers are run. What a pity!

@xd009642
Copy link
Owner

Yeah it's a shame but it seems to be something that can't be solved. I'm going to close this issue but if you have anymore questions just let me know

@GCSBOSS
Copy link

GCSBOSS commented May 24, 2021

@ismailhkose
Copy link

ismailhkose commented Apr 21, 2024

Did you try cargo tarpaulin --engine Llvm?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants