ASLR disable failed: EPERM: Operation not permitted

[TriplEight]

Exactly the same as in #146, getting this error in GitLab's docker runner.
Is there a way to get the report in docker without lowering the security?

[xd009642]

Nope, it uses ptrace for trace instrumentation which due to it's nature needs the security lowering to allow it

[TriplEight]

and no way to avoid it with say, --no-run and then generate reports based on artefacts in CARGO-TARGET-DIR, which can be out of the container?

[xd009642]

well if you don't run the tests you can't collect coverage on them... I suppose you could do no-run then copy the entire target directory out and tarpaulin might not have to rebuild the tests before running them. I haven't tried that, it's not really a "normal" workflow

[TriplEight]

currently tarpaulin works better for me than grcov. But I can't afford lowering security due to the open pipelines we have, so unfortunately will have to stick with the latter.

[xd009642]

If you could use your CI without docker that might be an alternative option, but yeah unfortunately with docker there's no way without lowering the security policy

[TriplEight]

There should be something else.
I'm trying to run in local docker and during the tests execution got some

/builds/target/debug/deps/<some dependency>: error while loading shared libraries: libtest-982f95e7e2b65d75.so: cannot open shared object file: No such file or directory

And

[DEBUG tarpaulin] Instrumentation address clash, ignoring 0x4962f0

And Error: "Test failed during run" in the end.

The command to run docker: docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulin
and inside:

git clone https://github.com/paritytech/ink .
docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulin

[TriplEight]

OK, this is weird, but +nightly saved my day, despite I have

# rustup default
nightly-2020-04-07-x86_64-unknown-linux-gnu (default)

[xd009642]

hmm that might be solved by a new PR that was merged on develop otherwise I'm not really sure. Also I'm not fully sure what is in your tarpaulin tagged image anyway so couldn't be much help in that respect.

[TriplEight]

I just wanted to provide you with a way to reproduce.

Also I'm not fully sure what is in your tarpaulin tagged image

Here it is: https://github.com/paritytech/scripts/blob/tarpaulin/dockerfiles/ink-ci-linux/Dockerfile

[TriplEight]

I was researching a bit further and found that docker actually allows ptrace on default seccomp profile since v19.03.8, on 4.8+ kernels.
But couldn't make tarpaulin work with this. The error is still the same.

Also tried podman and no luck so far.
cc #146

[xd009642]

Ah so I was a bit imprecise in my wording. For ptrace to work I need to disable ASLR using the personality system call. As ASLR is a security measure implemented in the kernel that's what specifically needs the lowering

[TriplEight]

Thanks for the clarification. Then it can't be helped without altering the host or the way containers are run. What a pity!

[xd009642]

Yeah it's a shame but it seems to be something that can't be solved. I'm going to close this issue but if you have anymore questions just let me know

[GCSBOSS]

This might just be useful to GitLab user passers by:
https://www.collabora.com/news-and-blog/blog/2021/03/24/rust-integrating-llvm-source-base-code-coverage-with-gitlab/

[ismailhkose]

Did you try cargo tarpaulin --engine Llvm?