Re: Changes to GitLab runners configuration

On Sunday, March 22, 2020 12:56 AM, Michael Catanzaro <mcatanzaro gnome org> wrote:

On Sat, Mar 21, 2020 at 1:21 pm, Christian Hergert
christian hergert me wrote:

Those words sound incompatible to me in the same way that if you have
access to Linux's perf, you can sniff pretty much any data you want on
the system.

We're talking about CI runners... we only need privileged access inside
the container running our CI, not outside it. Yes?

It doesn't take much effort to get access outside a privilledged contianer sadly. But maybe we can have a 
shared 'privilledged' runner that's setup in a VM and gets wiped daily or such for the jobs outside the GNOME 
group that need it, such as forked repos.


Attachment: publickey - - 0x0BDAD30B.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]