Skip to content

Commit 7540be0

Browse files
iQQBotiQQBot
committed
[supervisor] add ptrace cap for all child process
1 parent f7a95c2 commit 7540be0

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

components/supervisor/pkg/supervisor/supervisor.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@ import (
4242
"github.com/prometheus/common/route"
4343
"github.com/soheilhy/cmux"
4444
"golang.org/x/crypto/ssh"
45+
"golang.org/x/sys/unix"
4546
"golang.org/x/xerrors"
4647
"google.golang.org/grpc"
4748
"google.golang.org/grpc/codes"
@@ -1945,6 +1946,7 @@ func runAsGitpodUser(cmd *exec.Cmd) *exec.Cmd {
19451946
cmd.Env = append(cmd.Env, childProcEnvvars...)
19461947
cmd.SysProcAttr.Credential.Uid = gitpodUID
19471948
cmd.SysProcAttr.Credential.Gid = gitpodGID
1949+
cmd.SysProcAttr.AmbientCaps = append(cmd.SysProcAttr.AmbientCaps, unix.CAP_SYS_PTRACE)
19481950
return cmd
19491951
}
19501952

0 commit comments

Comments
 (0)