executor: run trusted playbook in a bubblewrap

This change renames untrusted_wrapper to execution_wrapper and uses bubblewrap for both trusted and untrusted playbooks by default. This change adds new options to the zuul.conf executor section to let operators define what directories to mount ro or rw for both context: * trusted_ro_dirs/trusted_rw_dirs, and * untrusted_ro_dirs/untrusted_rw_dirs Change-Id: I9a8a74a338a8a837913db5e2effeef1bd949a49c Story: 2001070 Task: 4687
author: Tristan Cacqueray <tdecacqu@redhat.com> 2017-06-15 06:00:12 +0000
committer: Tristan Cacqueray <tdecacqu@redhat.com> 2017-06-17 02:43:19 +0000
commit: 44aef15d6ef65c2296b13330d230308075f8df37 (patch)
tree: ede8c9ebe54bb93479a6a61991b5c7dd08509659 /etc
parent: 2438860823412bc7d38cdf02550ee5a62d4bb13f (diff)
download: zuul-44aef15d6ef65c2296b13330d230308075f8df37.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/zuul.conf-sample b/etc/zuul.conf-sample
index 1aee1fa18..2909ea6df 100644
--- a/etc/zuul.conf-sample
+++ b/etc/zuul.conf-sample
@@ -26,6 +26,8 @@ zuul_url=http://zuul.example.com/p
 
 [executor]
 default_username=zuul
+trusted_ro_dirs=/opt/zuul-scripts:/var/cache
+trusted_rw_dirs=/opt/zuul-logs
 
 [webapp]
 listen_address=0.0.0.0
author	Tristan Cacqueray <tdecacqu@redhat.com>	2017-06-15 06:00:12 +0000
committer	Tristan Cacqueray <tdecacqu@redhat.com>	2017-06-17 02:43:19 +0000
commit	44aef15d6ef65c2296b13330d230308075f8df37 (patch)
tree	ede8c9ebe54bb93479a6a61991b5c7dd08509659 /etc
parent	2438860823412bc7d38cdf02550ee5a62d4bb13f (diff)
download	zuul-44aef15d6ef65c2296b13330d230308075f8df37.tar.gz