cmd/rundockerbuildlet: set --security-opt=seccomp=unconfined in containers
This fixes race tests; the thread sanitizer needs to check its
personality, which seccomp defaults prevent apparently.
Updates golang/go#35547 (needs to be deployed first, then bug can be closed)
Change-Id: I8b87618f63ef2b7a75b72290098c09bf04298d86
Reviewed-on: https://go-review.googlesource.com/c/build/+/214919
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Alexander Rakoczy <alex@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
diff --git a/cmd/rundockerbuildlet/rundockerbuildlet.go b/cmd/rundockerbuildlet/rundockerbuildlet.go
index 4d0ff12..c437b08 100644
--- a/cmd/rundockerbuildlet/rundockerbuildlet.go
+++ b/cmd/rundockerbuildlet/rundockerbuildlet.go
@@ -187,6 +187,7 @@
"--name="+name,
"-v", filepath.Dir(keyFile)+":/buildkey/",
"-e", "HOSTNAME="+name,
+ "--security-opt=seccomp=unconfined", // Issue 35547
"--tmpfs=/workdir:rw,exec")
if *memory != "" {
cmd.Args = append(cmd.Args, "--memory="+*memory)
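Review bot: The added "--security-opt=seccomp=unconfined" argument is unconditional and drops the whole seccomp filter for every container this command starts, while the commit message names only the thread sanitizer's personality check as the thing the default profile blocks. Consider passing a custom profile instead (Docker accepts seccomp=<path to profile.json>), for example the default profile with the personality call permitted, or gating the option behind a flag the way the following lines do with *memory, so that only builders running race tests lose the filter. The inline comment "// Issue 35547" would also be more useful if it said why the option is needed (race detector / personality), so the line is not carried forward without question once the issue is closed.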