Build environments on build.archlinux.org are more restrictive than local clean chroot

When building libelf on build.archlinux.org I noticed four failing tests that I do not get with a local build (run-deleted.sh, run-backtrace-data.sh, run-backtrace-native.sh, run-backtrace-dwarf.sh). These test failures are due to a more restrictive build environment on the build server than in a local chroot.

An example of a failing test is run-backtrace-native.sh, which attempts to run valgrind on a built test binary:

cat /var/lib/archbuild/testing-x86_64/dvzrv/build/elfutils/src/elfutils-test-0.186/tests/run-backtrace-native.sh.log
backtrace-child: backtrace-child.c:238: main: Assertion `l == 0' failed.
backtrace-child: backtrace-child.c:167: stdarg: Assertion `l == 0' failed.
backtrace: backtrace.c:405: exec_dump: Assertion `WIFSTOPPED (status)' failed.
./test-subr.sh: line 84: 27469 Aborted                 (core dumped) LD_LIBRARY_PATH="${built_library_path}${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" $VALGRIND_CMD "$@"
backtrace-child: no main
FAIL run-backtrace-native.sh (exit status: 1)

Do we allow CAP_SYS_PTRACE in the build environment?

I believe that we need a more clear and concise definition of what our build environment is allowed to provide, so that it is easier to spot issues with builds and their tests and (ideally) have the same restrictions in place across the board.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Build environments on build.archlinux.org are more restrictive than local clean chroot