Description
What would you like added?
Support for running GitHub Actions runners in rootless mode, without requiring privileged containers. This would allow runners to operate with reduced privileges while maintaining necessary functionality, leveraging technologies like user namespaces.
Our primary concern is to be able to run Docker sidecar containers in rootless mode when using the Docker-in-Docker approach for CI/CD workflows, which we believe might be possible without privileged containers by leveraging user namespaces.
Why is this needed?
Running containers with root privileges presents significant security risks in production environments. Many organizations have strict security policies that prohibit running privileged containers, which currently limits the deployment options for GitHub Actions runners.
With Kubernetes 1.30 introducing support for user namespaces (https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/), there is now a viable path to running containers with the appearance of root privileges while actually being unprivileged at the host level. This feature would align GitHub Actions runners with modern container security best practices and enable adoption in security-conscious environments.
Additionally, rootless operation would:
- Reduce the attack surface for potential container escapes
- Allow runners to be deployed in environments with strict security policies
- Follow the principle of least privilege, which is a security best practice
Additional context
User namespaces provide a way to map users and groups inside a container to different users and groups on the host system. This allows processes to have root-like capabilities inside the container without having actual root access to the host.
If implementing full rootless support is challenging in the short term, it would be appreciated if you could share workarounds or tips on how to run runners with minimal required capabilities rather than full privileged mode.
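As an added example (not code from the issue author or the runner project), the script below shows the two pieces a practitioner would want when trying the user-namespace approach the issue proposes: a minimal Pod manifest that asks Kubernetes for a user namespace with `spec.hostUsers: false` (the field documented at the kubernetes.io link above; it requires a 1.30+ cluster with the UserNamespacesSupport feature enabled), and a check that a workflow step can run inside the container to verify whether it actually landed in a user namespace, by classifying `/proc/self/uid_map`. The pod name and image are hypothetical placeholders. The Docker-in-Docker sidecar is deliberately omitted: whether it can run without `privileged: true` is the open question of the issue, and this example does not claim to answer it.

```shell
#!/bin/sh
# Added example; not code from the issue author or the runner project.
#   runner_pod_manifest - prints a minimal Pod spec requesting a user
#                         namespace via spec.hostUsers: false
#   uid_map_kind        - classifies a /proc/<pid>/uid_map so a step can
#                         verify it really runs in a user namespace
# Pod name and image below are hypothetical placeholders.

runner_pod_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: actions-runner-userns                  # hypothetical name
spec:
  hostUsers: false                             # request a user namespace
  containers:
  - name: runner
    image: ghcr.io/example/actions-runner:latest   # hypothetical image
    securityContext:
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
EOF
}

# Classify the first line of a uid_map.  The runtime writes lines of the
# form "<uid-in-container> <uid-on-host> <count>".  The initial (host)
# user namespace is always "0 0 4294967295"; any other mapping means the
# process is inside a user namespace and "root" is not host root.
uid_map_kind() {
    first=$(printf '%s\n' "$1" | head -n 1)
    # shellcheck disable=SC2086  # word-split the three fields on purpose
    set -- $first
    [ "$#" -eq 3 ] || { echo "unknown"; return 1; }
    if [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]; then
        echo "host"             # uid 0 here is real host root
    elif [ "$1" = 0 ]; then
        echo "userns:root->$2"  # container root is host uid $2, unprivileged
    else
        echo "userns:nonroot"   # uid 0 is not even mapped in this namespace
    fi
}

# Report on the current process (only meaningful on Linux); a workflow
# step could fail the job here if the answer is "host".
if [ -r /proc/self/uid_map ]; then
    echo "this process: $(uid_map_kind "$(cat /proc/self/uid_map)")"
fi
```

Apply the manifest with `kubectl apply -f` after saving the output of `runner_pod_manifest`, then run the check inside the pod; "host" means the pod did not get a user namespace (the feature gate is off, or the runtime does not support it) and root in the container is still root on the host.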