The gdb requires ptrace capability, but the way we run containers
now is that they drop every capability. Preserve SYS_PTRACE then.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 Makefile.ci | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile.ci b/Makefile.ci
index 8857c953b2..977e0445c6 100644
--- a/Makefile.ci
+++ b/Makefile.ci
@@ -167,6 +167,7 @@ CI_ENGINE_ARGS = \
 	--volume $(CI_HOST_SRCDIR):$(CI_CONT_SRCDIR):z \
 	--workdir $(CI_CONT_SRCDIR) \
 	--ulimit nofile=$(CI_ULIMIT_FILES):$(CI_ULIMIT_FILES) \
+	--cap-add=SYS_PTRACE \
 	$(NULL)
 
 ci-check-engine:
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

On Thu, Aug 15, 2019 at 05:15:56PM +0200, Michal Privoznik wrote:
> The gdb requires ptrace capability, but the way we run containers
> now is that they drop every capability. Preserve SYS_PTRACE then.
>
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---

Makes sense to me, so I can give you my:
Reviewed-by: Erik Skultety <eskultet@redhat.com>

...but I'd wait and let others to comment.

>  Makefile.ci | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/Makefile.ci b/Makefile.ci
> index 8857c953b2..977e0445c6 100644
> --- a/Makefile.ci
> +++ b/Makefile.ci
> @@ -167,6 +167,7 @@ CI_ENGINE_ARGS = \
>  	--volume $(CI_HOST_SRCDIR):$(CI_CONT_SRCDIR):z \
>  	--workdir $(CI_CONT_SRCDIR) \
>  	--ulimit nofile=$(CI_ULIMIT_FILES):$(CI_ULIMIT_FILES) \
> +	--cap-add=SYS_PTRACE \
>  	$(NULL)
>
>  ci-check-engine:
> --
> 2.21.0
>
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list