I guess this is related with apparmor, the issue might be addressed by setting the arpparmor’s profile to “unconfined”, is there any chance for us to configure the apparmor in lXD by ourselves and how?
Short answer: no, custom apparmor LXD host config won’t be available to the users as it impacts whole LXD host (where not only your builds can be run).
Having said that, couple of questions gave us information, that LXD-based build jobs are not sufficient for all scenarios out there. This could be handled (w/o diving into details) with ‘full VM’ approach. Is this something that would fit your scenario or would you rather adapt ARM build scenario for your code to work within LXD security rules?
Thank you @Michal for your quick response, the code there is not for ARM only, and change the code to fit with the case with LXD for ARM seems not a good approach, it makes the code not generic and I believe other maintainers will not happy with the change.
I’d love to see travis also provide us an option to run those CI with “full VM” approach for ARM platform as well, this will make thing easier.
I wouldn’t suggest changing the code itself either, rather the build process only for it for ARM if it’s even a considerable option (basically, avoid certain priviliged filesystems and folders access) - still, I can imagine sometimes it simply can’t be done.
Thanks for voicing the necessity for full VM approach for ARM builds being available. I cannot share any timeline for it yet, but stay tuned please.