highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-05-12 23:13:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge bitcoin/bitcoin#35202: ci: restore sockets in i686, no IPC job

Browse Source 
11c9ef92a8 ci: unconfine seccomp for i686 no IPC (Lőrinc)

Pull request description:

  Fixes https://github.com/bitcoin/bitcoin/issues/35199.

  ### Problem
  The `i686, no IPC` job [fails](https://github.com/bitcoin/bitcoin/actions/runs/25275669000/job/74105140405#step:11:2951) in `sock_tests` at the first [`socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)` call](52c3381fa8/src/test/sock_tests.cpp (L33)).

  The failing runner [uses Docker 29.4.2](https://github.com/bitcoin/bitcoin/actions/runs/25275669000/job/74105140405#step:7:81), while a comparable passing run [used Docker 29.4.1](https://github.com/bitcoin/bitcoin/actions/runs/25249734733/job/74039837293#step:7:81).

  The latest Docker [changed the default seccomp profile](https://docs.docker.com/engine/release-notes/29/#2942) to block `socketcall(2)`, and the Moby seccomp profile documents the explicit `socketcall` deny rule as returning [`ENOSYS`](https://github.com/moby/profiles/releases/tag/seccomp%2Fv0.2.2).

  A previous push attempted to skip only `sock_tests` - CI failed in `util_tests/test_LockDirectory` at `socketpair(...)`, which shows the problem is not isolated to one unit test:
  https://github.com/bitcoin/bitcoin/actions/runs/25281552739/job/74119501960?pr=35202

  ### Fix
  Add Docker's documented [`--security-opt seccomp=unconfined`](https://docs.docker.com/engine/security/seccomp/#run-without-the-default-seccomp-profile) option to the `i686, no IPC` job through [CI_CONTAINER_CAP](fab73e213d/ci/test/02_run_container.py (L137)).

  This is broader than a test skip, but it is limited to the affected CI job and restores socket syscall availability for the full unit and functional test run.

ACKs for top commit:
  kevkevinpal:
    ACK [11c9ef9](11c9ef92a8)
  maflcko:
    lgtm ACK 11c9ef92a8
  sedited:
    Nice, ACK 11c9ef92a8
  enirox001:
    ACK 11c9ef92a8

Tree-SHA512: 8db87ad1e93144a58282ecf3e16a0bf7ae9d685f339b31bc8369a2ed6ecd28d87b48730e4db87baf8cb4dad088acb38ab676582ccba74cd4cbe3913bfbee3e0c
This commit is contained in:
merge-script
2026-05-04 21:51:09 +01:00
parent 224120bf12 11c9ef92a8
commit 999e9dbfb4
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ci/test/00_setup_env_i686_no_ipc.sh
View File

@@ -10,6 +10,7 @@ export HOST=i686-pc-linux-gnu
export CONTAINER_NAME=ci_i686_no_multiprocess
export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"
export CI_IMAGE_PLATFORM="linux/amd64"
export CI_CONTAINER_CAP="--security-opt seccomp=unconfined"
export PACKAGES="llvm clang g++-multilib"
export DEP_OPTS="DEBUG=1 NO_IPC=1"
export GOAL="install"