From 64fa440c697b9b8e96e14e33f7e79c6674c5b1a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Ekstr=C3=B6m?= <jeebjp@gmail.com>
Date: Sat, 2 Oct 2021 19:20:36 +0300
Subject: github/workflows: disable seccomp for linux native CI

This CI builder bases on openSUSE Tumbleweed, and recently had
its glibc updated. This led to new syscalls such as 'clone3' not
being allowed through the security layer.

Can be reverted after Github Actions updates their security policy.

actions/virtual-environments#3812
---
 .github/workflows/build.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b643f5e3ba..aaafa02757 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -72,6 +72,10 @@ jobs:
     runs-on: "ubuntu-20.04"
     container:
       image: "registry.cirno.systems/kiwi/containers/mpv-ci:stable-deps"
+      # Disable seccomp until a container manager in GitHub recognizes
+      # clone3() syscall,
+      # <https://github.com/actions/virtual-environments/issues/3812>.
+      options: --security-opt seccomp=unconfined
       env:
         CC: "${{ matrix.cc }}"
     strategy:
-- 
cgit v1.2.3