Eoghan Glynn <egl...@redhat.com> writes: > So I'm wondering whether the CI side-of-the-house would be prepared to > enable this temporarily on the Jenkins slaves, by running: > > echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope > > prior to the glance tests being kicked off, then reverting straight after.
Jenkins is not granted sudo on the slaves, so... > Or, for a more permanent setting: > > sed -e 's/kernel\.yama.\ptrace_scope *= *1/kernel.yama.ptrace_scope = 0/' > /etc/sysctl.d/10-ptrace.conf > > and then re-cast the image used for the Jenkins slaves. Yes, I think it's reasonable to temporarily enable this. The management of the Jenkins slaves is collaborative, and anyone can pitch in and do almost any work without needing privileged access. Just clone a copy of our puppet repo, hack at it, and propose a change. Our goal is that the infrastructure itself is run just like the rest of the project, and we're about 98% of the way there. Here's a change to implement your suggestion: https://review.openstack.org/#/c/8751/ -Jim _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
