diff options
author | Austin S. Hemmelgarn <austin@netdata.cloud> | 2020-07-20 19:59:20 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-21 09:59:20 +1000 |
commit | 2d2a270ec42e83ccdefa7f15ed3f8a030246645e (patch) | |
tree | c4cd84f47af0a448f1bda318e0dbc87759a66119 /.github | |
parent | 092f00abc3de132f667bb682f36dddce4824d5ae (diff) |
Add CAP_SYS_RESOURCE to capability bounding set. (#9569)
This mitigates failures in the eBPF plugin. The issue is a `setrlimi()`
call we're making to allow us to call `memlock()`. The proper fix here
is dependent on whether we can prove that we actually need to call
`memlock()` or not (I suspect we do not _need_ to but it improves
measurement accuracy, in which case it should be optional). If we can,
then this is also a fix and not a mitigation. If we can't, then the fix
is to get rid of those calls in the eBPF plugin and remove this othewise
unneeded capability from our bounding set.
Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions