UBI GitLab Rails Container - Remove world writable permission from scripts folders
What does this MR do?
This proposes that we add a line to the gitlab-rails UBI Dockerfile to remove the world writable permission on the scripts/lib and scripts/lib/check folders. The current configuration is causing OpenSCAP findings.
Related issues
https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2910
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated
Edited by Mitchell Nielsen