Bug 1497984 - whitelist allowPtrace scope, too r=bstack
authorDustin J. Mitchell <dustin@mozilla.com>
Wed, 10 Oct 2018 23:49:37 +0000
changeset 440906 95931b0b064b84a2ff9beb254b70caa4436e8c54
parent 440905 f1d7d48f099d67b42484b568ea7e67983cca1914
child 440907 067a1c08f91d13f9ad8b7c73b40b2a9065d24c0e
push id34840
push userdvarga@mozilla.com
push dateFri, 12 Oct 2018 21:54:33 +0000
treeherdermozilla-central@067a1c08f91d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbstack
bugs1497984
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1497984 - whitelist allowPtrace scope, too r=bstack Differential Revision: https://phabricator.services.mozilla.com/D8279
taskcluster/taskgraph/actions/create_interactive.py
--- a/taskcluster/taskgraph/actions/create_interactive.py
+++ b/taskcluster/taskgraph/actions/create_interactive.py
@@ -47,16 +47,18 @@ SCOPE_WHITELIST = [
     # this is not actually secret, and just about everything needs it
     re.compile(r'^secrets:get:project/taskcluster/gecko/hgfingerprint$'),
     # public downloads are OK
     re.compile(r'^docker-worker:relengapi-proxy:tooltool.download.public$'),
     # level-appropriate secrets are generally necessary to run a task; these
     # also are "not that secret" - most of them are built into the resulting
     # binary and could be extracted by someone with `strings`.
     re.compile(r'^secrets:get:project/releng/gecko/build/level-[0-9]/\*'),
+    # ptracing is generally useful for interactive tasks, too!
+    re.compile(r'^docker-worker:feature:allowPtrace$'),
 ]
 
 
 def context(params):
     # available for any docker-worker tasks at levels 1, 2; and for
     # test tasks on level 3 (level-3 builders are firewalled off)
     if int(params['level']) < 3:
         return [{'worker-implementation': 'docker-worker'}]