xd009642
commented
4 years ago Nope, it uses ptrace for trace instrumentation which due to it's nature needs the security lowering to allow it
Closed TriplEight closed 4 years ago
xd009642
commented
4 years ago Nope, it uses ptrace for trace instrumentation which due to it's nature needs the security lowering to allow it
TriplEight
commented
4 years ago and no way to avoid it with say, --no-run and then generate reports based on artefacts in CARGO-TARGET-DIR, which can be out of the container?
xd009642
commented
4 years ago well if you don't run the tests you can't collect coverage on them... I suppose you could do no-run then copy the entire target directory out and tarpaulin might not have to rebuild the tests before running them. I haven't tried that, it's not really a "normal" workflow
TriplEight
commented
4 years ago currently tarpaulin works better for me than grcov. But I can't afford lowering security due to the open pipelines we have, so unfortunately will have to stick with the latter.
xd009642
commented
4 years ago If you could use your CI without docker that might be an alternative option, but yeah unfortunately with docker there's no way without lowering the security policy
TriplEight
commented
4 years ago There should be something else. I'm trying to run in local docker and during the tests execution got some
/builds/target/debug/deps/<some dependency>: error while loading shared libraries: libtest-982f95e7e2b65d75.so: cannot open shared object file: No such file or directoryAnd
[DEBUG tarpaulin] Instrumentation address clash, ignoring 0x4962f0And Error: "Test failed during run" in the end.
The command to run docker: docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulin
and inside:
git clone https://github.com/paritytech/ink .
docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulinOK, this is weird, but +nightly saved my day, despite I have
# rustup default
nightly-2020-04-07-x86_64-unknown-linux-gnu (default)hmm that might be solved by a new PR that was merged on develop otherwise I'm not really sure. Also I'm not fully sure what is in your tarpaulin tagged image anyway so couldn't be much help in that respect.
TriplEight
commented
4 years ago I just wanted to provide you with a way to reproduce.
Also I'm not fully sure what is in your tarpaulin tagged image
Here it is: https://github.com/paritytech/scripts/blob/tarpaulin/dockerfiles/ink-ci-linux/Dockerfile
TriplEight
commented
4 years ago I was researching a bit further and found that docker actually allows ptrace on default seccomp profile since v19.03.8, on 4.8+ kernels.
But couldn't make tarpaulin work with this. The error is still the same.
Also tried podman and no luck so far.
cc https://github.com/xd009642/tarpaulin/issues/146
xd009642
commented
4 years ago Ah so I was a bit imprecise in my wording. For ptrace to work I need to disable ASLR using the personality system call. As ASLR is a security measure implemented in the kernel that's what specifically needs the lowering
TriplEight
commented
4 years ago Thanks for the clarification. Then it can't be helped without altering the host or the way containers are run. What a pity!
xd009642
commented
4 years ago Yeah it's a shame but it seems to be something that can't be solved. I'm going to close this issue but if you have anymore questions just let me know
GCSBOSS
commented
3 years ago This might just be useful to GitLab user passers by: https://www.collabora.com/news-and-blog/blog/2021/03/24/rust-integrating-llvm-source-base-code-coverage-with-gitlab/
ismailhkose
commented
5 months ago Did you try cargo tarpaulin --engine Llvm?
Exactly the same as in https://github.com/xd009642/tarpaulin/issues/146, getting this error in GitLab's docker runner. Is there a way to get the report in docker without lowering the security?