From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 6 Mar 2024 14:04:22 +0000 (+0100)
Subject: ci: make the build dir accessible when running w/o privileges
X-Git-Tag: v256-rc1~620^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c538fecc617d7a5fe0048b1df49f69dead92353f;p=thirdparty%2Fsystemd.git

ci: make the build dir accessible when running w/o privileges

Otherwise the unprivileged part of test-execute gets silently skipped:

/* test_run_tests_unprivileged */
Successfully forked off '(test-execute-unprivileged)' as PID 20998.
...
pin_callout_binary: build dir binary: /home/runner/work/systemd/systemd/build/systemd-executor
pin_callout_binary: open(/home/runner/work/systemd/systemd/build/systemd-executor)=-13
Failed to pin executor binary: No such file or directory
(test-execute-unprivileged): manager_new, skipping tests: No such file or directory
(test-execute-unprivileged) succeeded.
---

diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index c1a5ede3833..a4163960216 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -53,6 +53,11 @@ for phase in "${PHASES[@]}"; do
             apt-get -y build-dep systemd
             apt-get -y install "${ADDITIONAL_DEPS[@]}"
             pip3 install -r .github/workflows/requirements.txt --require-hashes
+
+            # Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged
+            # part of test-execute gets skipped, since it can't run systemd-executor
+            chmod o+x /home/runner
+            capsh --drop=all -- -c "stat $PWD/meson.build"
             ;;
         RUN|RUN_GCC|RUN_CLANG|RUN_CLANG_RELEASE)
             if [[ "$phase" =~ ^RUN_CLANG ]]; then