CI: run sanitizers as root

[tinc] / .ci / sanitizers / run.sh

diff --git a/.ci/sanitizers/run.sh b/.ci/sanitizers/run.sh
index b615d9d..8bf409f 100755 (executable)
--- a/.ci/sanitizers/run.sh
+++ b/.ci/sanitizers/run.sh
@@ -8,13 +8,14 @@ logs="$GITHUB_WORKSPACE/sanitizer"
 
 case "$SANITIZER" in
 undefined)
-  flags='-fsanitize=integer -fsanitize=nullability'
+  flags='-fsanitize=integer -fsanitize=nullability -fno-sanitize=unsigned-integer-overflow'
   export UBSAN_OPTIONS="log_path=$logs/ubsan:print_stacktrace=1"
   ;;
 
 address)
   flags='-fsanitize-address-use-after-scope -fsanitize=pointer-compare -fsanitize=pointer-subtract'
   export ASAN_OPTIONS="log_path=$logs/asan:detect_invalid_pointer_pairs=2:strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1"
+  export LSAN_OPTIONS="suppressions=$dir/suppress.txt:print_suppressions=0"
   ;;
 
 thread)
@@ -32,7 +33,7 @@ export CC='clang-12'
 export CPPFLAGS='-DDEBUG'
 export CFLAGS="-O0 -g -fsanitize=$SANITIZER -fno-omit-frame-pointer -fno-common -fsanitize-blacklist=$dir/ignore.txt $flags"
 
-bash .ci/test/run.sh "$@"
+sudo bash .ci/test/run.sh "$@"
 
 # Check that the sanitizer has not created any log files.
 # If it has, fail the job to notify the developer.