diff options
author | Tristan Cacqueray <tdecacqu@redhat.com> | 2017-06-15 06:00:12 +0000 |
---|---|---|
committer | Tristan Cacqueray <tdecacqu@redhat.com> | 2017-06-17 02:43:19 +0000 |
commit | 44aef15d6ef65c2296b13330d230308075f8df37 (patch) | |
tree | ede8c9ebe54bb93479a6a61991b5c7dd08509659 /etc | |
parent | 2438860823412bc7d38cdf02550ee5a62d4bb13f (diff) | |
download | zuul-44aef15d6ef65c2296b13330d230308075f8df37.tar.gz |
executor: run trusted playbook in a bubblewrap
This change renames untrusted_wrapper to execution_wrapper and uses
bubblewrap for both trusted and untrusted playbooks by default.
This change adds new options to the zuul.conf executor section to let
operators define what directories to mount ro or rw for both context:
* trusted_ro_dirs/trusted_rw_dirs, and
* untrusted_ro_dirs/untrusted_rw_dirs
Change-Id: I9a8a74a338a8a837913db5e2effeef1bd949a49c
Story: 2001070
Task: 4687
Diffstat (limited to 'etc')
-rw-r--r-- | etc/zuul.conf-sample | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/zuul.conf-sample b/etc/zuul.conf-sample index 1aee1fa18..2909ea6df 100644 --- a/etc/zuul.conf-sample +++ b/etc/zuul.conf-sample @@ -26,6 +26,8 @@ zuul_url=http://zuul.example.com/p [executor] default_username=zuul +trusted_ro_dirs=/opt/zuul-scripts:/var/cache +trusted_rw_dirs=/opt/zuul-logs [webapp] listen_address=0.0.0.0 |