Re: Changes to GitLab runners configuration

From: Jordan Petridis <jordan alatiera com>
To: Michael Catanzaro <mcatanzaro gnome org>
Cc: Christian Hergert <christian hergert me>, "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: Changes to GitLab runners configuration
Date: Thu, 26 Mar 2020 12:17:57 +0000

On Sunday, March 22, 2020 12:56 AM, Michael Catanzaro <mcatanzaro gnome org> wrote:

On Sat, Mar 21, 2020 at 1:21 pm, Christian Hergert
christian hergert me wrote:

Those words sound incompatible to me in the same way that if you have
access to Linux's perf, you can sniff pretty much any data you want on
the system.

We're talking about CI runners... we only need privileged access inside
the container running our CI, not outside it. Yes?


It doesn't take much effort to get access outside a privilledged contianer sadly. But maybe we can have a 
shared 'privilledged' runner that's setup in a VM and gets wiped daily or such for the jobs outside the GNOME 
group that need it, such as forked repos.


Jordan

Attachment: publickey - jordan@alatiera.com - 0x0BDAD30B.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- Re: Changes to GitLab runners configuration
  - From: philip . chimento
- Re: Changes to GitLab runners configuration
  - From: Michael Catanzaro
- Re: Changes to GitLab runners configuration
  - From: philip . chimento
- Re: Changes to GitLab runners configuration
  - From: Michael Catanzaro
- Re: Changes to GitLab runners configuration
  - From: philip . chimento
- Re: Changes to GitLab runners configuration
  - From: Christian Hergert
- Re: Changes to GitLab runners configuration
  - From: Michael Catanzaro

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]