-
-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ASLR disable failed: EPERM: Operation not permitted
#406
Comments
Nope, it uses ptrace for trace instrumentation which due to it's nature needs the security lowering to allow it |
and no way to avoid it with say, |
well if you don't run the tests you can't collect coverage on them... I suppose you could do no-run then copy the entire target directory out and tarpaulin might not have to rebuild the tests before running them. I haven't tried that, it's not really a "normal" workflow |
currently |
If you could use your CI without docker that might be an alternative option, but yeah unfortunately with docker there's no way without lowering the security policy |
There should be something else.
And
And The command to run docker:
|
OK, this is weird, but
|
hmm that might be solved by a new PR that was merged on develop otherwise I'm not really sure. Also I'm not fully sure what is in your tarpaulin tagged image anyway so couldn't be much help in that respect. |
I just wanted to provide you with a way to reproduce.
Here it is: https://github.com/paritytech/scripts/blob/tarpaulin/dockerfiles/ink-ci-linux/Dockerfile |
I was researching a bit further and found that docker actually allows Also tried |
Ah so I was a bit imprecise in my wording. For ptrace to work I need to disable ASLR using the personality system call. As ASLR is a security measure implemented in the kernel that's what specifically needs the lowering |
Thanks for the clarification. Then it can't be helped without altering the host or the way containers are run. What a pity! |
Yeah it's a shame but it seems to be something that can't be solved. I'm going to close this issue but if you have anymore questions just let me know |
This might just be useful to GitLab user passers by: |
Did you try |
Exactly the same as in #146, getting this error in GitLab's docker runner.
Is there a way to get the report in docker without lowering the security?
The text was updated successfully, but these errors were encountered: