limit containers (jobs/services) which can run as privileged
Description
If you set privileged = true in the gitlab-runner [runners.docker] configuration,
all services and build jobs run as privileged containers.
If gitlab-runner runs in ephemeral VMs this isn't really a problem,
but otherwise it can be a big security issue.
So, first, if we could limit privileged containers to services only, that would allow us,
for example, to restrict privileged containers to docker:dind (or better docker:dind-rootless).
This would mitigate the risks a little.
Second, if we could define which images can be used for privileged jobs or services, we would be able to run normal jobs and services with normal containers and limit privileged containers to those that really need it (dind for example).
Proposal
- Add an optional boolean toggle for gitlab-runner to enable privileged containers for services only.
It could be something like:
[runners.docker]
privileged = false
privileged_services = true
...
- Add optional lists to define which images can be run as privileged jobs or services. Something like:
[runners.docker]
...
allowed_privileged_images = ["image pattern1", "image pattern2",...]
allowed_privileged_services = ["docker:*rootless"]
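As an added illustration (not code from gitlab-runner or from this issue), a Go sketch of the decision the two proposals imply; the option names are the proposed ones, and the wildcard semantics and the "privileged = true still covers services" fallback are my assumptions:

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// DockerConfig models the proposed [runners.docker] keys (not real gitlab-runner options).
type DockerConfig struct {
	Privileged                bool     // existing key: everything privileged
	PrivilegedServices        bool     // proposed: services only
	AllowedPrivilegedImages   []string // proposed: allow-list for job images
	AllowedPrivilegedServices []string // proposed: allow-list for service images
}

// matchImage: '*' matches any run of characters ('/' included), the rest is literal.
func matchImage(pattern, image string) bool {
	re := "^" + strings.ReplaceAll(regexp.QuoteMeta(pattern), `\*`, ".*") + "$"
	return regexp.MustCompile(re).MatchString(image)
}

// RunPrivileged decides whether one container may start with --privileged.
// Assumed semantics: a job image needs privileged = true; a service image needs
// privileged = true or privileged_services = true; an empty allow-list keeps the
// old "any image" behaviour, a non-empty one restricts to matching images only.
func RunPrivileged(cfg DockerConfig, image string, isService bool) bool {
	allowed, enabled := cfg.AllowedPrivilegedImages, cfg.Privileged
	if isService {
		allowed, enabled = cfg.AllowedPrivilegedServices, cfg.Privileged || cfg.PrivilegedServices
	}
	if !enabled {
		return false
	}
	for _, p := range allowed {
		if matchImage(p, image) {
			return true
		}
	}
	return len(allowed) == 0
}

func main() {
	// The issue's sample config: privileged = false, privileged_services = true, docker:*rootless only.
	cfg := DockerConfig{PrivilegedServices: true, AllowedPrivilegedServices: []string{"docker:*rootless"}}
	for _, c := range []struct{ image string; service bool }{
		{"docker:24-dind-rootless", true}, {"docker:dind", true}, {"alpine:3", false},
	} {
		fmt.Printf("%-24s service=%-5v privileged=%v\n", c.image, c.service, RunPrivileged(cfg, c.image, c.service))
	}
}
```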