gitlab runner v13.9.0 - error relocating RELRO protection failed
Summary
Installing the gitlab runner v13.9.0 on fedora 32 using image based of fedora 32 fails the job in "Preparing environment" stage of job due to RELRO protection (see https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro)
Steps to reproduce
- on a fedora 32 machine install gitlab runner
- provide the below template to runners config:
[[runners]]
name = "RELRO"
url = "https://gitlab.com/"
token = "XYZ"
executor = "docker"
[runners.docker]
tls_verify = false
image = "fedora:32"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
cache_dir = "/cache"
volumes = ["/cache:/cache:z"]
shm_size = 0
Example Project
Only been tested with fedora image, but this shouldn't matter, it is the way that you do things in the runner in v13.9.0, v13.8.0 is not affected. A sample job could be
failMcFaily:
stage: build
image: fedora:32
tags:
- tagForFedora32Machine
script:
- echo "hello world"
What is the current bug behavior?
Preparing environment 00:01
Error relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission denied
Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied
Error relocating /usr/lib/libncursesw.so.6: RELRO protection failed: Permission denied
Error relocating /usr/bin/gitlab-runner-build: RELRO protection failed: Permission denied
ERROR: Job failed (system failure): prepare environment: exit code 127. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
What is the expected correct behavior?
Job is executing after prepare, this is what happens in v13.8.0
Relevant logs and/or screenshots
Preparing environment 00:01
Error relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission denied
Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied
Error relocating /usr/lib/libncursesw.so.6: RELRO protection failed: Permission denied
Error relocating /usr/bin/gitlab-runner-build: RELRO protection failed: Permission denied
ERROR: Job failed (system failure): prepare environment: exit code 127. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
Output of checks
gitlab.com
Results of GitLab environment info
None
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
None
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Possible fixes
None