blob: acf7b1f23d129306d754d7cee4cf92be9ba16798 (
plain)
1
2
3
4
5
6
7
8
|
---
security:
- |
Zuul will execute bwrap with --disable-userns set if two conditions
hold. 1) The version of bwrap is 0.8.0 or newer and 2) User namespaces
are enabled in the zuul-executor runtime context. Doing so will
prevent the zuul-executor bwrap runtimes from creating additional
user namespaces which fortifies Zuul's security position.
|