Skip to content
This repository was archived by the owner on May 9, 2024. It is now read-only.

Fix docker uuid #560

Merged
merged 1 commit into from
Jul 11, 2023
Merged

Fix docker uuid #560

merged 1 commit into from
Jul 11, 2023

Conversation

leshikus
Copy link
Contributor

Security fix - do not allow a docker user access ghrunner resources

@leshikus leshikus requested review from Devjiu and alexbaden June 30, 2023 17:24
Devjiu
Devjiu reviewed Jul 4, 2023
View reviewed changes
Copy link
Contributor

@Devjiu Devjiu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still don't understand what security issue is fixed, so I can't approve this.

Devjiu
Devjiu approved these changes Jul 6, 2023
View reviewed changes
Copy link
Contributor

@Devjiu Devjiu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed the issue offline. This does not eliminate all possible problems, but it prevents the simplest exploits.
There is another approach, but it requires more work with almost the same result.
So we decided to keep this one to solve the security problem.

@leshikus leshikus requested a review from Devjiu July 6, 2023 14:54
@leshikus
Copy link
Contributor Author

leshikus commented Jul 6, 2023

@alexbaden could you please take a look as well; @Garra1980 asked CI patches to be reviewed by you or Ilya

@leshikus leshikus merged commit 1f7ecf4 into main Jul 11, 2023
@leshikus leshikus deleted the lesh/uuid-fix branch July 11, 2023 11:57
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@alexbaden alexbaden alexbaden approved these changes

@Devjiu Devjiu Awaiting requested review from Devjiu

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@leshikus @alexbaden @Devjiu