Use non procfs file path and use host pid namespace

ddelnano · ddelnano · commit feaccd5787fc · 2025-12-03T06:53:15.000Z
Signed-off-by: Dom Del Nano &lt;ddelnano@gmail.com&gt;
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -128,7 +128,7 @@ jobs:
       checks: write
     container:
       image: ${{ needs.get-dev-image.outputs.image-with-tag }}
-      options: --privileged
+      options: --privileged --pid=host
     if: ${{ needs.generate-matrix.outputs.matrix && (toJson(fromJson(needs.generate-matrix.outputs.matrix)) != '[]') }}
     strategy:
       matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
@@ -163,9 +163,8 @@ jobs:
       run: |
         # Github actions container runner creates a docker network without IPv6 support. We enable it manually.
         sysctl -w net.ipv6.conf.lo.disable_ipv6=0
-        cat /proc/1/root/sys/kernel/security/lsm
-        echo 0 > /proc/1/root/proc/sys/kernel/apparmor_restrict_unprivileged_userns
         sysctl -w kernel.unprivileged_userns_clone=1
+        bash -c "echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns"
         ./scripts/bazel_ignore_codes.sh test ${{ matrix.args }} --target_pattern_file=target_files/${{ matrix.tests }} \
           2> >(tee bazel_stderr)
     - name: Parse junit reports
