Skip to content

Support allowed images for privileged jobs and services

This is a POC for #27368 (closed) - feature 2

What does this MR do?

This MR add two optional parameters in gitlab-runner configuration: allowed_privileged_images and allowed_privileged_services.

The two parameters define two lists of images, one for jobs end one for services, that will be able to runs as privileged containers.

Allowed images for services and jobs are still defined in the usual properties (allowed_images and allowed_services). However, if privileged is enabled, only the images which are also listed in the new new optional parameters will run as privileged containers. The others will run as normal (non privileged containers).

The two new parameters are optional and if they are not defined everything should run as usual. So existing pipelines should run without any modification.

Why was this MR needed?

It's just a proof of concept, but for some users it could mitigate the risks of running privileged gitlab runners.

What's the best way to test this MR?

I don't know, but you can see the POC in action here: https://gitlab.com/stalb/gitlab-runner-test2

What are the relevant issue numbers?

#27368 (closed)

Edited by Stéphane Talbot

Merge request reports

Loading