github/workflows: disable seccomp for linux native CI

This CI builder bases on openSUSE Tumbleweed, and recently had its glibc updated. This led to new syscalls such as 'clone3' not being allowed through the security layer. Can be reverted after Github Actions updates their security policy. actions/runner-images#3812
jeeb · Oct 2, 2021 · 64fa440 · 64fa440
1 parent 0862664
commit 64fa440
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -72,6 +72,10 @@ jobs:
     runs-on: "ubuntu-20.04"
     container:
       image: "registry.cirno.systems/kiwi/containers/mpv-ci:stable-deps"
+      # Disable seccomp until a container manager in GitHub recognizes
+      # clone3() syscall,
+      # <https://github.com/actions/virtual-environments/issues/3812>.
+      options: --security-opt seccomp=unconfined
       env:
         CC: "${{ matrix.cc }}"
     strategy: