Re: Infrastructure | Run CI containers with --cap-add SYS_PTRACE (#370)

From: Bartłomiej Piotrowski <gitlab-issues gnome org>
To: gnome-infrastructure gnome org
Subject: Re: Infrastructure | Run CI containers with --cap-add SYS_PTRACE (#370)
Date: Mon, 13 Jul 2020 14:22:25 +0000

Title: GitLab

I find it hard to believe you don't know security implications of granting SYS_PTRACE to CI which runs completely arbitrary loads, not to mention runners no longer run with --privileged after it was reported it breaks glib test suite as well.

We likely can provide a burner VM with odd CAPs applied but I wish your request wasn't written in such a disheartening way in the first place.

References:
- Infrastructure | Run CI containers with --cap-add SYS_PTRACE (#370)
  - From: Michael Catanzaro

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]