Add SetUID Capability to Shell Executor (!1199) · Merge requests · GitLab.org / gitlab-runner

Kendall Moore requested to merge onyxpoint/gitlab/gitlab-runner:setuid into master Feb 13, 2019

What does this MR do?

Adds support for SetUID in the Shell Executor.

Why was this MR needed?

To enhance the security posture of the GitLab Runner with SetUID, allowing for more concrete auditing and permissions control of CI jobs.

Are there points in the code the reviewer needs to double check?

In particular the SetUID Helpers that were added are Linux-specific and rely on libraries that don't work on Windows. Any insight or opinions from the Engineering team on these helpers would be appreciated.

Does this MR meet the acceptance criteria?

Documentation created/updated
Added tests for this feature/bug
In case of conflicts with master - branch was rebased

What are the relevant issue numbers?

#3575

Edited May 06, 2019 by Kendall Moore

Add SetUID Capability to Shell Executor

What does this MR do?

Why was this MR needed?

Are there points in the code the reviewer needs to double check?

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Merge request reports