From 3ddf88a03123befa038fdb4e33639d3644bbb01a Mon Sep 17 00:00:00 2001
From: Eric Mc Sween <5454374+emcsween@users.noreply.github.com>
Date: Wed, 15 Oct 2025 08:41:09 -0400
Subject: [PATCH] Merge pull request #29106 from overleaf/bg-fix-capdrop-in-docker-runner

fix capdrop in docker runner

GitOrigin-RevId: 1e8c81723a9e152ec85a3a2776965891fbe07606
---
 services/clsi/app/js/DockerRunner.js | 2 +-
 services/clsi/test/unit/js/DockerRunnerTests.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/clsi/app/js/DockerRunner.js b/services/clsi/app/js/DockerRunner.js
index 647d26d6d5..77622c46a2 100644
--- a/services/clsi/app/js/DockerRunner.js
+++ b/services/clsi/app/js/DockerRunner.js
@@ -254,7 +254,7 @@ const DockerRunner = {
 Hard: timeoutInSeconds + 10,
 },
 ],
- CapDrop: 'ALL',
+ CapDrop: ['ALL'],
 SecurityOpt: ['no-new-privileges'],
 },
 }
diff --git a/services/clsi/test/unit/js/DockerRunnerTests.js b/services/clsi/test/unit/js/DockerRunnerTests.js
index b060a5eb63..2ef0a3c072 100644
--- a/services/clsi/test/unit/js/DockerRunnerTests.js
+++ b/services/clsi/test/unit/js/DockerRunnerTests.js
@@ -487,7 +487,7 @@ describe('DockerRunner', function () {
 return expect(options.HostConfig).to.deep.include({
 Binds: ['/some/host/dir/compiles/directory:/compile:rw'],
 LogConfig: { Type: 'none', Config: {} },
- CapDrop: 'ALL',
+ CapDrop: ['ALL'],
 SecurityOpt: ['no-new-privileges'],
 newProperty: 'new-property',
 })
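Review bot: The `CapDrop` entry in the `HostConfig` literal of DockerRunner.js carries no comment recording the type the API expects, so the array form is easy to simplify back to a string later. The Docker Engine API documents `HostConfig.CapDrop` as a list of capability names, and I would add `// Engine API expects a list of capability names, not a bare string` above `CapDrop: ['ALL'],`. Together with `SecurityOpt: ['no-new-privileges']` this line is the privilege hardening for the compile container, which is why the type is worth spelling out. The function that builds these options starts and ends outside the hunk.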
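Review bot: The expectation in DockerRunnerTests.js pins `CapDrop: ['ALL']` only for the case where the extra options add an unrelated key (`newProperty`), so nothing visible here checks what happens when the merged-in options themselves carry `CapDrop`, `CapAdd` or `SecurityOpt`. Because the expected object shows extra properties being merged into `HostConfig`, configuration can presumably replace the hardening defaults. A companion test that supplies such an override and asserts the intended outcome would document whether that is allowed. The `it` block and its setup begin outside the hunk, so such a test may already exist elsewhere in the file.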