External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-27 05:45:02 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3875 from wenottingham/pids-in-namespaaaaaaaaace

Browse Source 
Unshare PID namespace when using bubblewrap.
This commit is contained in:
Bill Nottingham
2016-11-07 17:11:47 -05:00
committed by GitHub
parent 428447a22a 51321b30f0
commit e02ab1940b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/main/utils.py
View File

@@ -557,7 +557,7 @@ def wrap_args_with_proot(args, cwd, **kwargs):
- /tmp (except for own tmp files) - /tmp (except for own tmp files)
''' '''
from django.conf import settings from django.conf import settings
new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--dev-bind', '/', '/'] new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--unshare-pid', '--dev-bind', '/', '/']
hide_paths = ['/etc/tower', '/var/lib/awx', '/var/log', hide_paths = ['/etc/tower', '/var/lib/awx', '/var/log',
tempfile.gettempdir(), settings.PROJECTS_ROOT, tempfile.gettempdir(), settings.PROJECTS_ROOT,
settings.JOBOUTPUT_ROOT] settings.JOBOUTPUT_ROOT]