diff --git a/CHANGELOG.md b/CHANGELOG.md
index e9dc9e3..eceeaf1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
+## 0.38.0 (2023-07-28)
+
+
+### Features
+
+* Add cbuild flag --seccomp-unconfined
+
 ## 0.37.0 (2023-07-27)
diff --git a/tools/cbuild b/tools/cbuild
index c9afe42..aadf30b 100755
--- a/tools/cbuild
+++ b/tools/cbuild
@@ -48,6 +48,7 @@ USAGE
 --without-shared-cache Containers will not mount ${HOME}/.cache/bazel
 --without-embedded-docker Disable docker client within container
 --docker-network Specify docker network type or name, value passed to docker run --network
+ --seccomp-unconfined Run docker container without a seccomp profile
 --verbose Enable verbose output
 Environment variables (all optional):
@@ -67,6 +68,7 @@ USAGE
 WITH_SHARED_CACHE=1
 WITH_DOCKER_SOCK=1
 DOCKER_NETWORK=bridge
+DOCKER_SECCOMP_UNCONFINED=0
 while [[ $# -gt 0 ]]; do
 case "$1" in
@@ -94,6 +96,10 @@ while [[ $# -gt 0 ]]; do
 DOCKER_NETWORK="$2"
 shift 2 || usage
 ;;
+ --seccomp-unconfined)
+ DOCKER_SECCOMP_UNCONFINED=1
+ shift
+ ;;
 --verbose)
 VERBOSE=1
 shift
@@ -145,6 +151,10 @@ DOCKER_RUN_ARGS+=(
 "$(echo "${EXTRA_DOCKER_RUN_ARGS}" | envsubst)"
 )
+if [[ ${DOCKER_SECCOMP_UNCONFINED} -eq 1 ]]; then
+ DOCKER_RUN_ARGS+=("--security-opt=seccomp=unconfined")
+fi
+
 # inside the docker build images, /bazel_root is the bazel cache dir, per the system-wide bazelrc
 readonly BAZEL_ROOT=/bazel_root
 if [[ ${WITH_SHARED_CACHE} -eq 0 ]]; then
diff --git a/version.txt b/version.txt
index e095beb..095a108 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-0.37.0
\ No newline at end of file
+0.38.0
\ No newline at end of file
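Review bot: The usage line added for `--seccomp-unconfined` in the tools/cbuild options list does not tell the reader that the flag removes Docker's default syscall filter and so reduces container isolation. I would word it along the lines of `--seccomp-unconfined  Disable docker's default seccomp syscall filter (reduces container isolation)`, and name the intended use (for example a debugger or profiler) if there is one. The usage heredoc starts and ends outside this hunk.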
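Review bot: Nothing is logged when the `if [[ ${DOCKER_SECCOMP_UNCONFINED} -eq 1 ]]` branch in tools/cbuild appends `--security-opt=seccomp=unconfined`, so a build log gives no sign that the container ran without Docker's default syscall filter. I would add `printf 'cbuild: docker seccomp filtering disabled (--seccomp-unconfined)\n' >&2` inside the branch, so the reduced isolation is visible in CI output and to anyone auditing a build. If callers only need a few extra syscalls, a flag that takes a profile path and passes `--security-opt seccomp=<profile.json>` would keep the rest of the filter in place; whether that fits depends on use cases not visible here. The surrounding DOCKER_RUN_ARGS setup starts and ends outside the hunk.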