diff options
author | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-03-30 15:32:42 +0300 |
---|---|---|
committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-03-30 15:32:42 +0300 |
commit | 1172978b8fa1baf7c641818ba0b562542eb71c81 (patch) | |
tree | 255e2722978b604ca7aef2068b40f1606a1820d4 | |
parent | a9346cab20f7e54a849877e2aa8601b8b3707652 (diff) | |
download | gitlab-ce-shared_runners_warning.tar.gz |
Change shared Runners warning message and link to docsshared_runners_warning
-rw-r--r-- | app/views/projects/runners/_shared_runners.html.haml | 5 | ||||
-rw-r--r-- | doc/ci/runners/README.md | 13 |
2 files changed, 14 insertions, 4 deletions
diff --git a/app/views/projects/runners/_shared_runners.html.haml b/app/views/projects/runners/_shared_runners.html.haml index 6a37f444bb7..1f656971f46 100644 --- a/app/views/projects/runners/_shared_runners.html.haml +++ b/app/views/projects/runners/_shared_runners.html.haml @@ -1,7 +1,10 @@ %h3 Shared runners .bs-callout.bs-callout-warning - GitLab Runners do not offer secure isolation between projects that they do builds for. You are TRUSTING all GitLab users who can push code to project A, B or C to run shell scripts on the machine hosting runner X. + Depending on the executor that GitLab Runners use, they may not offer secure + isolation between projects that they do builds for. Read more about + %a{href: "/help/ci/runners/README.md#attack-vectors-in-runners"} + GitLab Runner security. %hr - if @project.shared_runners_enabled? = link_to toggle_shared_runners_namespace_project_runners_path(@project.namespace, @project), class: 'btn btn-warning', method: :post do diff --git a/doc/ci/runners/README.md b/doc/ci/runners/README.md index 295d953db11..c76027f6949 100644 --- a/doc/ci/runners/README.md +++ b/doc/ci/runners/README.md @@ -62,7 +62,7 @@ Now simply register the runner as any runner: sudo gitlab-runner register ``` -Shared runners are enabled by default as of GitLab 8.2, but can be disabled with the +Shared runners are enabled by default as of GitLab 8.2, but can be disabled with the `DISABLE SHARED RUNNERS` button. Previous versions of GitLab defaulted shared runners to disabled. @@ -142,5 +142,12 @@ project. # Attack vectors in runners -Mentioned briefly earlier, but the following things of runners can be exploited. -We're always looking for contributions that can mitigate these [Security Considerations](https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/security/index.md). +Depending on the executor that GitLab Runners use, they may not offer secure +isolation between projects that they do builds for. In that case, you are +**trusting** all GitLab users who can push code to project A, B or C to run +shell scripts on the machine hosting runner X. + +We're always looking for contributions that can mitigate these Security +considerations. Read more on [Runners security][security]. + +[security]: https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/security/index.md |