Merge pull request #1351 from t-woerner/infra_image_start_debug

infra/image/shdefaults: Add SYS_PTRACE to CAP_DEFAULTS

Merge pull request #1351 from t-woerner/infra_image_start_debug
72453399 · Rafael Guterres Jeffman · GitHub · 86701caf · 638422e1 · 72453399
Unverified Commit 72453399 authored 1 month ago by Rafael Guterres Jeffman Committed by GitHub 1 month ago
--- a/infra/image/shcontainer
+++ b/infra/image/shcontainer
@@ -4,6 +4,7 @@
 SCRIPTDIR="$(dirname -- "$(readlink -f "${BASH_SOURCE[0]}")")"
 TOPDIR="$(readlink -f "${SCRIPTDIR}/../..")"
+# shellcheck disable=SC1091
 . "${SCRIPTDIR}/shdefaults"
 # shellcheck disable=SC1091
@@ -15,7 +16,8 @@ container_create() {
    shift 2
    declare -a extra_opts
    readarray -t extra_opts < \
-        <(sed -e "s/-/--cap-drop=/g" -e "s/+/--cap-add=/g" <<< "${CAP_DEFAULTS[@]}")
+        <(sed -e "s/-/--cap-drop=/g" -e "s/+/--cap-add=/g" \
+        <<< "$(printf '%s\n' "${CAP_DEFAULTS[@]}")")
    for opt in "$@"
    do
        [ -z "${opt}" ] && continue

--- a/infra/image/shdefaults
+++ b/infra/image/shdefaults
@@ -5,4 +5,5 @@
 # Use +CAP to add the capability and -CAP to drop the capability.
 CAP_DEFAULTS=(
    "+DAC_READ_SEARCH"  # Required for SSSD
+    "+SYS_PTRACE"       # Required for debugging
 )