aboutsummaryrefslogtreecommitdiff
path: root/.github/workflows/ci.yml
diff options
context:
space:
mode:
authorJia Tan <jiat0218@gmail.com>2023-10-24 00:50:08 +0800
committerJia Tan <jiat0218@gmail.com>2023-10-24 00:50:08 +0800
commit5e3d890f8862a7d4fbef5e38e11b6c9fbd98f468 (patch)
tree561269ccece05bc6dea24b6c901eaf7ec7d49b11 /.github/workflows/ci.yml
parentCI: Allow disabling the sandbox in ci_build.sh. (diff)
downloadxz-5e3d890f8862a7d4fbef5e38e11b6c9fbd98f468.tar.xz
CI: Disable sandboxing in fsanitize=address,undefined job.
The sandboxing on Linux now supports Landlock, which restricts all supported filesystem actions after xz opens the files it needs. The sandbox is only enabled when one file is input and we are writing to standard out. With fsanitize=address,undefined, the instrumentation needs to read additional files after the sandbox is in place. This forces all xz based test to fail, so the sandbox must instead be disabled.
Diffstat (limited to '.github/workflows/ci.yml')
-rw-r--r--.github/workflows/ci.yml8
1 files changed, 6 insertions, 2 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b5582a74..0ab27beb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -80,13 +80,17 @@ jobs:
# ifunc must be disabled for this test because __attribute__ ifunc is
# incompatible with -fsanitize=address.
+ #
+ # The sandbox must also be disabled because it will prevent access to
+ # the /proc/ filesystem on Linux, which is used by the sanitizer's
+ # instrumentation.
- name: Build with -fsanitize=address,undefined
if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
- run: ./build-aux/ci_build.sh -b autotools -p build -f "-fsanitize=address,undefined" -d ifunc
+ run: ./build-aux/ci_build.sh -b autotools -p build -f "-fsanitize=address,undefined" -d ifunc,sandbox
- name: Test with -fsanitize=address,undefined
if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
run: |
- ./build-aux/ci_build.sh -b autotools -p test -f "-fsanitize=address,undefined" -d ifunc
+ ./build-aux/ci_build.sh -b autotools -p test -f "-fsanitize=address,undefined" -d ifunc,sandbox
cd ../xz_build && make distclean
- name: Build with full features