infra: Remove redundant --cap-add SYS_PTRACE (#6808)

* infra: Remove redundant --cap-add SYS_PTRACE * format?
author: MarcoFalke <falke.marco@gmail.com> 2021-11-15 17:24:55 +0100
committer: GitHub <noreply@github.com> 2021-11-15 11:24:55 -0500
commit: e23200e1e4bdd9247d3ef5797e9ff9c472054894 (patch)
tree: f903598e0644759bf661f41221cac5bff08a10c9
parent: ffeb8fd03d98816cbce8e10341f8794acd5293b1 (diff)
3 files changed, 7 insertions, 11 deletions
diff --git a/infra/cifuzz/docker.py b/infra/cifuzz/docker.py
index 935773d9..f957b4bf 100644
--- a/infra/cifuzz/docker.py
+++ b/infra/cifuzz/docker.py
@@ -27,8 +27,7 @@ PROJECT_TAG_PREFIX = 'gcr.io/oss-fuzz/'
 
 # Default fuzz configuration.
 _DEFAULT_DOCKER_RUN_ARGS = [
-    '--cap-add', 'SYS_PTRACE', '-e',
-    'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e',
+    '-e', 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e',
     'ARCHITECTURE=' + constants.DEFAULT_ARCHITECTURE, '-e', 'CIFUZZ=True'
 ]
 
diff --git a/infra/cifuzz/docker_test.py b/infra/cifuzz/docker_test.py
index b356138c..b3e6b993 100644
--- a/infra/cifuzz/docker_test.py
+++ b/infra/cifuzz/docker_test.py
@@ -66,8 +66,6 @@ class GetBaseDockerRunArgsTest(unittest.TestCase):
     self.assertEqual(docker_container, CONTAINER_NAME)
     expected_docker_args = []
     expected_docker_args = [
-        '--cap-add',
-        'SYS_PTRACE',
         '-e',
         'FUZZING_ENGINE=libfuzzer',
         '-e',
@@ -93,10 +91,9 @@ class GetBaseDockerRunArgsTest(unittest.TestCase):
         WORKSPACE, SANITIZER, LANGUAGE)
     self.assertEqual(docker_container, None)
     expected_docker_args = [
-        '--cap-add', 'SYS_PTRACE', '-e', 'FUZZING_ENGINE=libfuzzer', '-e',
-        'ARCHITECTURE=x86_64', '-e', 'CIFUZZ=True', '-e',
-        f'SANITIZER={SANITIZER}', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e',
-        f'OUT={WORKSPACE.out}', '-v',
+        '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
+        'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e',
+        f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
         f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
     ]
     self.assertEqual(docker_args, expected_docker_args)
@@ -113,8 +110,8 @@ class GetBaseDockerRunCommandTest(unittest.TestCase):
         WORKSPACE, SANITIZER, LANGUAGE)
     self.assertEqual(docker_container, None)
     expected_docker_command = [
-        'docker', 'run', '--rm', '--privileged', '--cap-add', 'SYS_PTRACE',
-        '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
+        'docker', 'run', '--rm', '--privileged', '-e',
+        'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
         'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e',
         f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
         f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
diff --git a/infra/helper.py b/infra/helper.py
index 84a2d200..2478048a 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -651,7 +651,7 @@ def build_fuzzers_impl(  # pylint: disable=too-many-arguments,too-many-locals,to
   if env_to_add:
     env += env_to_add
 
-  command = ['--cap-add', 'SYS_PTRACE'] + _env_to_docker_args(env)
+  command = _env_to_docker_args(env)
   if source_path:
     workdir = _workdir_from_dockerfile(project)
     if mount_path:
author	MarcoFalke <falke.marco@gmail.com>	2021-11-15 17:24:55 +0100
committer	GitHub <noreply@github.com>	2021-11-15 11:24:55 -0500
commit	e23200e1e4bdd9247d3ef5797e9ff9c472054894 (patch)
tree	f903598e0644759bf661f41221cac5bff08a10c9
parent	ffeb8fd03d98816cbce8e10341f8794acd5293b1 (diff)