fixup! ci: upgrade ubuntu runners for reproducible builds

disable apparmor
edgelesssys · Oct 24, 2024 · 76e8d71 · 76e8d71
1 parent 7824f1e
commit 76e8d71
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml
@@ -103,6 +103,17 @@ jobs:
         binary: "osimage-${{ matrix.target }}-${{ matrix.runner }}"
     runs-on: ${{ matrix.runner }}
     steps:
+      - name: Remove security hardening features
+        if: matrix.runner == 'ubuntu-24.04'
+        shell: bash
+        run: |
+          sysctl --ignore --write kernel.apparmor_restrict_unprivileged_unconfined=0
+          sysctl --ignore --write kernel.apparmor_restrict_unprivileged_userns=0
+          # This command fails with a non-zero error code even though it unloads the apparmor profiles.
+          # https://gitlab.com/apparmor/apparmor/-/issues/403
+          aa-teardown || true
+          apt-get remove -y apparmor
+
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with: