Option to override the Docker default user (!3241) · Merge requests · GitLab.org / gitlab-runner

Olliver Schinagl requested to merge olliver/gitlab-org/gitlab-runner:dev/allow_user_override into main Dec 10, 2021

With security becoming more important for container image suppliers, it makes the use of these containers a bit more cumbersome to use.

Taking for example the official curl docker image. By default it will drop root permissions and run everything as a regular user. For normal use-cases perfect. However when one needs to do slightly more (especially in the context of CI) that requires elevated permissions, normally docker run --user 'root:root' can be used to bypass this limitation.

By allowing the pipeline to override the user setting, we can achieve the same goals as entrypoint override overs us, allowing for upstream official secure by default containers to be used, without having to resort to hacks, workarounds or third party containers and encouraging container builders to offer secure containers by default.

This option can be disabled via the runner like the entrypoint can be.

Option to override the Docker default user

Merge request reports