Closed ds-cbo closed 8 months ago
it is not a bug, this is a hard requirement yes, it could have been better advertise, probably yes my fault, that said we cannot make it smoother now, I have committer in freebsd the security.jail.mlock_allowed it will be in 13.3 and 14.1 and as soon as it is available in both, then we will be able to activate it only if properly supported, in the mean time I have no idea on how to better advertise for it.
Prerequisites
Describe the bug
After upgrading poudriere from 3.4.0 to 3.4.1 we were faced with
jail: jail_set: Operation not permitted
every time we ranpoudriere bulk
. Adding-vvv
did not yield any more relevant information.After a fair while of debugging, we traced it down to https://github.com/freebsd/poudriere/commit/0011f7254 . We had not granted our poudriere jail the
allow.mlock
permissions yet, sojail -c
failed.It would be nice to have a clearer notice in the changelog about this breaking change (currently it only says "- add support for mlock (needed for dotnet)" without implication that it's a hard requirement); or to implement a parameter already suggested in the commit:
Environment