mirror of https://git.tukaani.org/xz.git
CI: Disable sandboxing in fsanitize=address,undefined job.
The sandboxing on Linux now supports Landlock, which restricts all supported filesystem actions after xz opens the files it needs. The sandbox is only enabled when one file is input and we are writing to standard out. With fsanitize=address,undefined, the instrumentation needs to read additional files after the sandbox is in place. This forces all xz based test to fail, so the sandbox must instead be disabled.
This commit is contained in:
parent
b1408987ea
commit
5e3d890f88
|
@ -80,13 +80,17 @@ jobs:
|
||||||
|
|
||||||
# ifunc must be disabled for this test because __attribute__ ifunc is
|
# ifunc must be disabled for this test because __attribute__ ifunc is
|
||||||
# incompatible with -fsanitize=address.
|
# incompatible with -fsanitize=address.
|
||||||
|
#
|
||||||
|
# The sandbox must also be disabled because it will prevent access to
|
||||||
|
# the /proc/ filesystem on Linux, which is used by the sanitizer's
|
||||||
|
# instrumentation.
|
||||||
- name: Build with -fsanitize=address,undefined
|
- name: Build with -fsanitize=address,undefined
|
||||||
if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
|
if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
|
||||||
run: ./build-aux/ci_build.sh -b autotools -p build -f "-fsanitize=address,undefined" -d ifunc
|
run: ./build-aux/ci_build.sh -b autotools -p build -f "-fsanitize=address,undefined" -d ifunc,sandbox
|
||||||
- name: Test with -fsanitize=address,undefined
|
- name: Test with -fsanitize=address,undefined
|
||||||
if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
|
if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
|
||||||
run: |
|
run: |
|
||||||
./build-aux/ci_build.sh -b autotools -p test -f "-fsanitize=address,undefined" -d ifunc
|
./build-aux/ci_build.sh -b autotools -p test -f "-fsanitize=address,undefined" -d ifunc,sandbox
|
||||||
cd ../xz_build && make distclean
|
cd ../xz_build && make distclean
|
||||||
|
|
||||||
- name: Build with full features
|
- name: Build with full features
|
||||||
|
|
Loading…
Reference in New Issue