freebsd / poudriere

Port/Package build and test system
https://github.com/freebsd/poudriere/wiki
BSD 2-Clause "Simplified" License

3.4.1 `poudriere-bulk` requires `allow.mlock` : `jail_set: Operation not permitted` #1112

Closed ds-cbo closed 8 months ago

ds-cbo commented 8 months ago

Prerequisites

Describe the bug

After upgrading poudriere from 3.4.0 to 3.4.1 we were faced with `jail: jail_set: Operation not permitted` every time we ran `poudriere bulk`. Adding `-vvv` did not yield any more relevant information.

After a fair while of debugging, we traced it down to https://github.com/freebsd/poudriere/commit/0011f7254. We had not granted our poudriere jail the `allow.mlock` permissions yet, so `jail -c` failed.

It would be nice to have a clearer notice in the changelog about this breaking change (currently it only says "- add support for mlock (needed for dotnet)" without implication that it's a hard requirement); or to implement a parameter already suggested in the commit:

```sh
# we have no parameter to check if allow.mlock is allowed
#if [ ${JAILED} -eq 0 ] || \
#    [ $(sysctl -n security.jail.mlock_allowed) -eq 1 ]; then
```

Environment

bapt commented 8 months ago

It is not a bug; this is a hard requirement, yes. It could have been better advertised, probably yes, my fault. That said, we cannot make it smoother now. I have committed `security.jail.mlock_allowed` in FreeBSD; it will be in 13.3 and 14.1, and as soon as it is available in both, we will be able to activate it only if properly supported. In the meantime I have no idea how to better advertise it.
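A preflight check along the lines of the commented-out test quoted in the issue, as an added example that is not poudriere's own code. It reports whether a jailed poudriere host was granted `allow.mlock` before `poudriere bulk` reaches `jail -c`, and treats a missing `security.jail.mlock_allowed` as "unknown" rather than as a denial. The function name `mlock_preflight` and the `SYSCTL` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of poudriere.
# SYSCTL is a hypothetical override hook so the check can be run against a
# stub; it defaults to the real sysctl(8).
: "${SYSCTL:=sysctl}"

# Prints one word and returns a matching status:
#   host     (0)  not inside a jail, so no parent has to grant anything
#   allowed  (0)  jailed, and the enclosing jail was given allow.mlock
#   denied   (1)  jailed without allow.mlock; creating a child jail that
#                 asks for allow.mlock fails with "Operation not permitted"
#   unknown  (2)  a sysctl is missing or unreadable, for example a release
#                 that does not yet have security.jail.mlock_allowed
mlock_preflight() {
    jailed=$($SYSCTL -n security.jail.jailed 2>/dev/null) || jailed=
    case "$jailed" in
        0) echo host; return 0 ;;
        1) ;;                       # jailed: go on to the mlock check
        *) echo unknown; return 2 ;;
    esac

    allowed=$($SYSCTL -n security.jail.mlock_allowed 2>/dev/null) || allowed=
    case "$allowed" in
        1) echo allowed; return 0 ;;
        0) echo denied;  return 1 ;;
        *) echo unknown; return 2 ;;  # do not guess on older releases
    esac
}

# Run the script with the single argument "check" to use it as a gate.
if [ "${1:-}" = "check" ]; then
    mlock_preflight
fi
```

A `denied` result means the jail running poudriere still needs `allow.mlock` in its own configuration, which is the change the reporter had to make.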