Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unnecessary permissions #1112

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Remove unnecessary permissions #1112

wants to merge 3 commits into from

Conversation

jakogut
Copy link
Contributor

@jakogut jakogut commented Jan 31, 2024

No description provided.

@flowzone-app flowzone-app bot enabled auto-merge January 31, 2024 19:43
@jakogut
compose: core: replace privileged w/ capabilities
fef22b6 
Removes the automatic population of host devices at container startup,
and replaces privileged with fine(r) grained capabilities.

Change-type: patch
Signed-off-by: Joseph Kogut <[email protected]>
@jakogut
compose: core: create losetup devices in entry.sh
d51ad9b 
Signed-off-by: Joseph Kogut <[email protected]>
@jakogut
compose: core: remove /dev:/dev binding
5d13217 
Binding the host's devtmpfs inside a container, especially in
combination with `privileged: true` has a high likelyhood of tampering
with host device permissions and nodes. Remove it.

Change-type: patch
Signed-off-by: Joseph Kogut <[email protected]>
@jakogut jakogut force-pushed the remove-unnecessary-permissions branch from b55c71f to 5d13217 Compare January 31, 2024 21:15
@jakogut
Copy link
Contributor Author

jakogut commented Jan 31, 2024

Passes the OS suite, but fails preloading. Marking as a draft again.

@jakogut jakogut marked this pull request as draft January 31, 2024 21:39
auto-merge was automatically disabled January 31, 2024 21:39

Pull request was converted to draft

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klutchell klutchell Awaiting requested review from klutchell

@vipulgupta2048 vipulgupta2048 Awaiting requested review from vipulgupta2048

@rcooke-warwick rcooke-warwick Awaiting requested review from rcooke-warwick

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jakogut