From f21cd31b9442e650510118988f2e94e6efb8b903 Mon Sep 17 00:00:00 2001
From: Samuel Ortiz <sameo@linux.intel.com>
Date: Wed, 12 Feb 2020 12:53:48 +0100
Subject: [PATCH] scripts: dev_cli: Add more privileges for the integration
 tests

We need the host IPC for sharing eventfds with KVM, and the host network
for VFIO.

We also enforce the no-seccomp setting on the container, to overcome any
potential filtering set by our container's Ubuntu base.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---
 scripts/dev_cli.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/dev_cli.sh b/scripts/dev_cli.sh
index f382e94d7..bdbfb9bb8 100755
--- a/scripts/dev_cli.sh
+++ b/scripts/dev_cli.sh
@@ -256,10 +256,14 @@ cmd_tests() {
 	       --workdir "$CTR_CLH_ROOT_DIR" \
 	       --rm \
 	       --privileged \
+	       --security-opt seccomp=unconfined \
+	       --ipc=host \
+	       --net=host \
 	       --mount type=tmpfs,destination=/tmp \
 	       --volume /dev:/dev \
 	       --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
 	       --volume "$CLH_INTEGRATION_WORKLOADS:$CTR_CLH_INTEGRATION_WORKLOADS" \
+	       --env USER="root" \
 	       "$CTR_IMAGE" \
 	       ./scripts/run_integration_tests.sh "$@" || fix_dir_perms $? || exit $?
     fi