Bug 1497984 - whitelist allowPtrace scope, too r=bstack
authorDustin J. Mitchell <dustin@mozilla.com>
Wed, 10 Oct 2018 23:49:37 +0000
changeset 489349 95931b0b064b84a2ff9beb254b70caa4436e8c54
parent 489348 f1d7d48f099d67b42484b568ea7e67983cca1914
child 489350 067a1c08f91d13f9ad8b7c73b40b2a9065d24c0e
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersbstack
bugs1497984
milestone64.0a1
Bug 1497984 - whitelist allowPtrace scope, too r=bstack Differential Revision: https://phabricator.services.mozilla.com/D8279
taskcluster/taskgraph/actions/create_interactive.py
--- a/taskcluster/taskgraph/actions/create_interactive.py
+++ b/taskcluster/taskgraph/actions/create_interactive.py
@@ -47,16 +47,18 @@ SCOPE_WHITELIST = [
     # this is not actually secret, and just about everything needs it
     re.compile(r'^secrets:get:project/taskcluster/gecko/hgfingerprint$'),
     # public downloads are OK
     re.compile(r'^docker-worker:relengapi-proxy:tooltool.download.public$'),
     # level-appropriate secrets are generally necessary to run a task; these
     # also are "not that secret" - most of them are built into the resulting
     # binary and could be extracted by someone with `strings`.
     re.compile(r'^secrets:get:project/releng/gecko/build/level-[0-9]/\*'),
+    # ptracing is generally useful for interactive tasks, too!
+    re.compile(r'^docker-worker:feature:allowPtrace$'),
 ]
 
 
 def context(params):
     # available for any docker-worker tasks at levels 1, 2; and for
     # test tasks on level 3 (level-3 builders are firewalled off)
     if int(params['level']) < 3:
         return [{'worker-implementation': 'docker-worker'}]