[JIRA] (JENKINS-61908) Do not mount Jenkins container volumes on Job containers

hello@tomlankhorst.nl (JIRA)
Apr 15, 2020, 2:41:02 AM
to jenkinsc...@googlegroups.com
Tom Lankhorst created an issue
 
Jenkins / Bug JENKINS-61908
Do not mount Jenkins container volumes on Job containers
Issue Type: Bug
Assignee: Unassigned
Components: docker-workflow-plugin
Created: 2020-04-15 06:40
Environment: Ubuntu 18.04
Jenkins 2.150
docker-workflow 1.21
Priority: Major
Reporter: Tom Lankhorst

The plugin checks for `containerId.isPresent()`, then tries to mount all volumes mounted on the Jenkins container on the new Job container.

This is exactly what I want to prevent since it poses a huge attack surface for untrusted code.

https://github.com/jenkinsci/docker-workflow-plugin/blob/1089131014350e11adfa364d34e7717954350261/src/main/java/org/jenkinsci/plugins/docker/workflow/WithContainerStep.java#L168

Suggestion: make this behaviour configurable.

This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
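
An added example, not part of the original issue or the plugin's code: one way to audit the behaviour reported above is to compare the `Mounts` section of `docker inspect` output for the Jenkins container and a job container, and list every mount the job inherited. The container names, paths and the `allowed` policy set are constructed for illustration.

```python
import json

# Constructed `docker inspect` excerpts; only the fields used below are kept.
CONTROLLER = json.loads("""[{"Name": "/jenkins", "Mounts": [
  {"Type": "volume", "Source": "/var/lib/docker/volumes/jenkins_home/_data",
   "Destination": "/var/jenkins_home", "RW": true},
  {"Type": "bind", "Source": "/var/run/docker.sock",
   "Destination": "/var/run/docker.sock", "RW": true}]}]""")
JOB = json.loads("""[{"Name": "/job-build-42", "Mounts": [
  {"Type": "volume", "Source": "/var/lib/docker/volumes/jenkins_home/_data",
   "Destination": "/var/jenkins_home", "RW": true},
  {"Type": "bind", "Source": "/var/run/docker.sock",
   "Destination": "/var/run/docker.sock", "RW": true},
  {"Type": "bind", "Source": "/srv/cache", "Destination": "/cache", "RW": false}]}]""")


def mounts(inspect_doc):
    """Map (source, destination) -> mount entry for the first container listed."""
    return {(m["Source"], m["Destination"]): m
            for m in inspect_doc[0].get("Mounts") or []}


def inherited_mounts(controller_doc, job_doc, allowed=frozenset()):
    """List job-container mounts that also exist on the Jenkins container.

    `allowed` is a hypothetical policy input: destinations the job is
    permitted to share with the controller (for example its workspace volume).
    """
    controller = mounts(controller_doc)
    findings = []
    for key, m in sorted(mounts(job_doc).items()):
        if key in controller:
            findings.append({"destination": m["Destination"],
                             "type": m["Type"],
                             "writable": bool(m.get("RW")),
                             "allowed": m["Destination"] in allowed})
    return findings


def violations(controller_doc, job_doc, allowed=frozenset()):
    """Inherited mounts that the policy does not permit."""
    return [f for f in inherited_mounts(controller_doc, job_doc, allowed)
            if not f["allowed"]]


if __name__ == "__main__":
    for f in violations(CONTROLLER, JOB, allowed={"/var/jenkins_home"}):
        print("unexpected inherited mount:", f)
```

On a real host, the two documents would come from `docker inspect` run against the Jenkins container and the job container while a build is in progress.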