This repository has been archived by the owner on Oct 14, 2020. It is now read-only.
It's really bad that the runner runs as root. It should probably just run as a set user, who doesn't have permission to do much at all other than write some stuff to /tmp, execute some executables and read some files.
We want to allow users to have access to the machine, for future capabilities that we are planning. @azhao12345 looked into this and found that the next version of Docker should tighten up security even further so that running as root shouldn't be an issue at all.
Andrew, can you please provide more details on how the next version will impact us?
The newer version of Docker should implement user namespaces, meaning that the root user in the container will have a different process uid on the host. Since the containers are destroyed on every run, any modification to the accessible files in the container shouldn't be an issue.