ci: make the build dir accessible when running w/o privileges

Otherwise the unprivileged part of test-execute gets silently skipped:

/* test_run_tests_unprivileged */
Successfully forked off '(test-execute-unprivileged)' as PID 20998.
...
pin_callout_binary: build dir binary: /home/runner/work/systemd/systemd/build/systemd-executor
pin_callout_binary: open(/home/runner/work/systemd/systemd/build/systemd-executor)=-13
Failed to pin executor binary: No such file or directory
(test-execute-unprivileged): manager_new, skipping tests: No such file or directory
(test-execute-unprivileged) succeeded.

diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index c1a5ede38332503e620df0b72a404304d5ce5a79..a4163960216384329a22052f298cc2a0d5cdf1a3 100755 (executable)
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -53,6 +53,11 @@ for phase in "${PHASES[@]}"; do
             apt-get -y build-dep systemd
             apt-get -y install "${ADDITIONAL_DEPS[@]}"
             pip3 install -r .github/workflows/requirements.txt --require-hashes
+
+            # Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged
+            # part of test-execute gets skipped, since it can't run systemd-executor
+            chmod o+x /home/runner
+            capsh --drop=all -- -c "stat $PWD/meson.build"
             ;;
         RUN|RUN_GCC|RUN_CLANG|RUN_CLANG_RELEASE)
             if [[ "$phase" =~ ^RUN_CLANG ]]; then