Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run build containers with updated settings #29

Merged
merged 2 commits into from
Jul 10, 2024
Merged

Run build containers with updated settings #29

merged 2 commits into from
Jul 10, 2024

Conversation

natalieparellano
Copy link
Member

@natalieparellano natalieparellano commented May 1, 2024
edited
Loading

@natalieparellano natalieparellano requested review from a team as code owners May 1, 2024 19:52
@natalieparellano natalieparellano changed the base branch from main to security-fixes May 1, 2024 19:52
@natalieparellano natalieparellano changed the title Run build containers with userns=host Run build containers with updated settings May 2, 2024
natalieparellano
natalieparellano commented May 2, 2024
View reviewed changes
internal/build/phase_config_provider.go
hostConf := new(container.HostConfig)
hostConf.UsernsMode = "host"
if lifecycleExec.os != "windows" {
hostConf.SecurityOpt = []string{"no-new-privileges=true"}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docker parses this here: https://github.com/moby/moby/blob/9d07820b221db010bf1bdc26ca904468804ca712/daemon/daemon_unix.go#L246-L251

@natalieparellano natalieparellano changed the base branch from security-fixes to main May 2, 2024 17:44
jjbustamante
jjbustamante approved these changes May 24, 2024
View reviewed changes
Copy link
Member

@jjbustamante jjbustamante left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@natalieparellano natalieparellano changed the base branch from main to security-review July 10, 2024 14:18
@natalieparellano natalieparellano deleted the branch main July 10, 2024 14:45
@natalieparellano natalieparellano changed the base branch from security-review to main July 10, 2024 14:47
@natalieparellano natalieparellano merged commit dded2a0 into main Jul 10, 2024
11 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jjbustamante jjbustamante jjbustamante approved these changes

Assignees
No one assigned
Labels
type/enhancement
Projects
None yet
Milestone
No milestone
2 participants
@natalieparellano @jjbustamante