From e23200e1e4bdd9247d3ef5797e9ff9c472054894 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Mon, 15 Nov 2021 17:24:55 +0100 Subject: [PATCH] infra: Remove redundant --cap-add SYS_PTRACE (#6808) * infra: Remove redundant --cap-add SYS_PTRACE * format? --- infra/cifuzz/docker.py | 3 +-- infra/cifuzz/docker_test.py | 13 +++++-------- infra/helper.py | 2 +- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/infra/cifuzz/docker.py b/infra/cifuzz/docker.py index 935773d92..f957b4bf3 100644 --- a/infra/cifuzz/docker.py +++ b/infra/cifuzz/docker.py @@ -27,8 +27,7 @@ PROJECT_TAG_PREFIX = 'gcr.io/oss-fuzz/' # Default fuzz configuration. _DEFAULT_DOCKER_RUN_ARGS = [ - '--cap-add', 'SYS_PTRACE', '-e', - 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e', + '-e', 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e', 'ARCHITECTURE=' + constants.DEFAULT_ARCHITECTURE, '-e', 'CIFUZZ=True' ] diff --git a/infra/cifuzz/docker_test.py b/infra/cifuzz/docker_test.py index b356138cb..b3e6b9937 100644 --- a/infra/cifuzz/docker_test.py +++ b/infra/cifuzz/docker_test.py @@ -66,8 +66,6 @@ class GetBaseDockerRunArgsTest(unittest.TestCase): self.assertEqual(docker_container, CONTAINER_NAME) expected_docker_args = [] expected_docker_args = [ - '--cap-add', - 'SYS_PTRACE', '-e', 'FUZZING_ENGINE=libfuzzer', '-e', @@ -93,10 +91,9 @@ class GetBaseDockerRunArgsTest(unittest.TestCase): WORKSPACE, SANITIZER, LANGUAGE) self.assertEqual(docker_container, None) expected_docker_args = [ - '--cap-add', 'SYS_PTRACE', '-e', 'FUZZING_ENGINE=libfuzzer', '-e', - 'ARCHITECTURE=x86_64', '-e', 'CIFUZZ=True', '-e', - f'SANITIZER={SANITIZER}', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e', - f'OUT={WORKSPACE.out}', '-v', + '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e', + 'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e', + f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v', f'{WORKSPACE.workspace}:{WORKSPACE.workspace}' ] self.assertEqual(docker_args, expected_docker_args) @@ -113,8 +110,8 @@ class GetBaseDockerRunCommandTest(unittest.TestCase): WORKSPACE, SANITIZER, LANGUAGE) self.assertEqual(docker_container, None) expected_docker_command = [ - 'docker', 'run', '--rm', '--privileged', '--cap-add', 'SYS_PTRACE', - '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e', + 'docker', 'run', '--rm', '--privileged', '-e', + 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e', 'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v', f'{WORKSPACE.workspace}:{WORKSPACE.workspace}' diff --git a/infra/helper.py b/infra/helper.py index 84a2d2009..2478048a0 100755 --- a/infra/helper.py +++ b/infra/helper.py @@ -651,7 +651,7 @@ def build_fuzzers_impl( # pylint: disable=too-many-arguments,too-many-locals,to if env_to_add: env += env_to_add - command = ['--cap-add', 'SYS_PTRACE'] + _env_to_docker_args(env) + command = _env_to_docker_args(env) if source_path: workdir = _workdir_from_dockerfile(project) if mount_path: