Unshare PID namespace when using bubblewrap.

This prevents some potential nastiness with playbooks running as the awx user.
Bill Nottingham 2016-11-04 22:49:34 -04:00
parent 7167fd7c6b
commit 51321b30f0


@ -557,7 +557,7 @@ def wrap_args_with_proot(args, cwd, **kwargs):
- /tmp (except for own tmp files)
'''
from django.conf import settings
new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--dev-bind', '/', '/']
new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--unshare-pid', '--dev-bind', '/', '/']
hide_paths = ['/etc/tower', '/var/lib/awx', '/var/log',
tempfile.gettempdir(), settings.PROJECTS_ROOT,
settings.JOBOUTPUT_ROOT]
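Review bot: `--unshare-pid` on the new `new_args` line gives the playbook its own PID namespace, but because the command still begins with `--dev-bind / /` the host's procfs comes along with the bind mount, so host process IDs likely stay visible under /proc inside the sandbox unless a later argument remounts it. If the rest of wrap_args_with_proot (its body continues outside the hunk) does not already do so, consider adding `--proc /proc` after the new flag so /proc reflects the isolated namespace. The docstring that ends just above the change enumerates what is hidden from the job; a line there noting that the job now runs in a separate PID namespace would keep it accurate. A short comment on the new line, `# run the job in its own PID namespace so it cannot see or signal other awx-owned processes`, would record why the flag was added.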