Bug 1497984 - whitelist allowPtrace scope, too r=bstack
authorDustin J. Mitchell <dustin@mozilla.com>
Wed, 10 Oct 2018 23:49:37 +0000
changeset 499354 95931b0b064b84a2ff9beb254b70caa4436e8c54
parent 499353 f1d7d48f099d67b42484b568ea7e67983cca1914
child 499355 067a1c08f91d13f9ad8b7c73b40b2a9065d24c0e
push id1864
push userffxbld-merge
push dateMon, 03 Dec 2018 15:51:40 +0000
treeherdermozilla-release@f040763d99ad [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbstack
bugs1497984
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1497984 - whitelist allowPtrace scope, too r=bstack Differential Revision: https://phabricator.services.mozilla.com/D8279
taskcluster/taskgraph/actions/create_interactive.py
--- a/taskcluster/taskgraph/actions/create_interactive.py
+++ b/taskcluster/taskgraph/actions/create_interactive.py
@@ -47,16 +47,18 @@ SCOPE_WHITELIST = [
     # this is not actually secret, and just about everything needs it
     re.compile(r'^secrets:get:project/taskcluster/gecko/hgfingerprint$'),
     # public downloads are OK
     re.compile(r'^docker-worker:relengapi-proxy:tooltool.download.public$'),
     # level-appropriate secrets are generally necessary to run a task; these
     # also are "not that secret" - most of them are built into the resulting
     # binary and could be extracted by someone with `strings`.
     re.compile(r'^secrets:get:project/releng/gecko/build/level-[0-9]/\*'),
+    # ptracing is generally useful for interactive tasks, too!
+    re.compile(r'^docker-worker:feature:allowPtrace$'),
 ]
 
 
 def context(params):
     # available for any docker-worker tasks at levels 1, 2; and for
     # test tasks on level 3 (level-3 builders are firewalled off)
     if int(params['level']) < 3:
         return [{'worker-implementation': 'docker-worker'}]