infra: Remove redundant --cap-add SYS_PTRACE (#6808)

* infra: Remove redundant --cap-add SYS_PTRACE * format?
2021-11-15 17:24:55 +01:00 · 2021-11-15 17:24:55 +01:00 · e23200e1e4
parent ffeb8fd03d
commit e23200e1e4
3 changed files with 7 additions and 11 deletions
--- a/infra/cifuzz/docker.py
+++ b/infra/cifuzz/docker.py
@ -27,8 +27,7 @@ PROJECT_TAG_PREFIX = 'gcr.io/oss-fuzz/'

 # Default fuzz configuration.
 _DEFAULT_DOCKER_RUN_ARGS = [
-    '--cap-add', 'SYS_PTRACE', '-e',
-    'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e',
+    '-e', 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e',
    'ARCHITECTURE=' + constants.DEFAULT_ARCHITECTURE, '-e', 'CIFUZZ=True'
 ]

--- a/infra/cifuzz/docker_test.py
+++ b/infra/cifuzz/docker_test.py
@ -66,8 +66,6 @@ class GetBaseDockerRunArgsTest(unittest.TestCase):
    self.assertEqual(docker_container, CONTAINER_NAME)
    expected_docker_args = []
    expected_docker_args = [
-        '--cap-add',
-        'SYS_PTRACE',
        '-e',
        'FUZZING_ENGINE=libfuzzer',
        '-e',
@ -93,10 +91,9 @@ class GetBaseDockerRunArgsTest(unittest.TestCase):
        WORKSPACE, SANITIZER, LANGUAGE)
    self.assertEqual(docker_container, None)
    expected_docker_args = [
-        '--cap-add', 'SYS_PTRACE', '-e', 'FUZZING_ENGINE=libfuzzer', '-e',
-        'ARCHITECTURE=x86_64', '-e', 'CIFUZZ=True', '-e',
-        f'SANITIZER={SANITIZER}', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e',
-        f'OUT={WORKSPACE.out}', '-v',
+        '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
+        'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e',
+        f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
        f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
    ]
    self.assertEqual(docker_args, expected_docker_args)
@ -113,8 +110,8 @@ class GetBaseDockerRunCommandTest(unittest.TestCase):
        WORKSPACE, SANITIZER, LANGUAGE)
    self.assertEqual(docker_container, None)
    expected_docker_command = [
-        'docker', 'run', '--rm', '--privileged', '--cap-add', 'SYS_PTRACE',
-        '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
+        'docker', 'run', '--rm', '--privileged', '-e',
+        'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
        'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e',
        f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
        f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
--- a/infra/helper.py
+++ b/infra/helper.py
@ -651,7 +651,7 @@ def build_fuzzers_impl(  # pylint: disable=too-many-arguments,too-many-locals,to
  if env_to_add:
    env += env_to_add

-  command = ['--cap-add', 'SYS_PTRACE'] + _env_to_docker_args(env)
+  command = _env_to_docker_args(env)
  if source_path:
    workdir = _workdir_from_dockerfile(project)
    if mount_path: