From 38b4c4cbba3fb151fcebd7dc88350075bb1599d3 Mon Sep 17 00:00:00 2001 From: igolaizola <11333576+igolaizola@users.noreply.github.com> Date: Wed, 29 Jan 2025 12:42:10 +0100 Subject: [PATCH] ci: disable AppArmor on daily and static workflows AppArmor was disabled in CI workflows, but it was not disabled in the daily and static workflows. References #512 --- .github/workflows/daily.yml | 12 ++++++++++++ .github/workflows/static.yml | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/.github/workflows/daily.yml b/.github/workflows/daily.yml index 2ba9ce34..91af7ce5 100644 --- a/.github/workflows/daily.yml +++ b/.github/workflows/daily.yml @@ -19,6 +19,12 @@ jobs: test: runs-on: ubuntu-latest steps: + - name: Disable AppArmor + if: runner.os == 'Linux' + run: | + # Disable AppArmor for Ubuntu 23.10+. + # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md + echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: @@ -41,6 +47,12 @@ jobs: test-dev: runs-on: ubuntu-latest steps: + - name: Disable AppArmor + if: runner.os == 'Linux' + run: | + # Disable AppArmor for Ubuntu 23.10+. + # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md + echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns - uses: actions/checkout@v4 with: ref: dev diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index bbc03b39..6ea76ab6 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -22,6 +22,12 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} runs-on: ubuntu-latest steps: + - name: Disable AppArmor + if: runner.os == 'Linux' + run: | + # Disable AppArmor for Ubuntu 23.10+. + # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md + echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns - name: Checkout uses: actions/checkout@v4 - name: Setup Pages