This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/trafficserver-ci.git
The following commit(s) were added to refs/heads/main by this push:
new 1b7ee79 Add SYS_PTRACE capability to centos pipeline (#413)
1b7ee79 is described below
commit 1b7ee793c6eb59fa6d265c0e2bfa7ed3a0280239
Author: Brian Neradt <[email protected]>
AuthorDate: Tue Dec 23 16:14:05 2025 -0600
Add SYS_PTRACE capability to centos pipeline (#413)
The traffic_crashlog helper uses ptrace to get backtraces from the
crashed traffic_server process. Without the SYS_PTRACE capability,
ptrace fails with EPERM and no backtrace is captured in the crash log.
Also add --init for proper signal handling in the container.
Also disable seccomp filtering with --security-opt seccomp=unconfined
because Docker's default seccomp profile blocks ptrace even when
SYS_PTRACE capability is added.
---
jenkins/github/centos.pipeline | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jenkins/github/centos.pipeline b/jenkins/github/centos.pipeline
index db34272..a70ffb8 100644
--- a/jenkins/github/centos.pipeline
+++ b/jenkins/github/centos.pipeline
@@ -4,7 +4,7 @@ pipeline {
image 'ci.trafficserver.apache.org/ats/centos:7'
registryUrl 'https://ci.trafficserver.apache.org/'
label 'docker'
- args '--init --cap-add=SYS_PTRACE -v ${HOME}/ccache:/tmp/ccache:rw'
+ args '--init --cap-add=SYS_PTRACE --security-opt
seccomp=unconfined -v ${HOME}/ccache:/tmp/ccache:rw'
}
}
environment {
