Merge pull request #3391 from Spredzy/add_etc_ssh_in_ro_bind

bwrap: Add /etc/ssh in bind mounted folder Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2026-01-17 12:41:19 -03:30 · 2019-03-08 17:46:17 +00:00 · 2019-03-08 17:46:17 +00:00 · fb1d918c2d
commit fb1d918c2d
parent b54ec6b9c8 7eb483d810
1 changed files with 1 additions and 1 deletions
--- a/awx/main/utils/common.py
+++ b/awx/main/utils/common.py
@ -831,7 +831,7 @@ def wrap_args_with_proot(args, cwd, **kwargs):
    new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--unshare-pid', '--dev-bind', '/', '/', '--proc', '/proc']
    hide_paths = [settings.AWX_PROOT_BASE_PATH]
    if not kwargs.get('isolated'):
-        hide_paths.extend(['/etc/tower', '/var/lib/awx', '/var/log',
+        hide_paths.extend(['/etc/tower', '/var/lib/awx', '/var/log', '/etc/ssh',
                           settings.PROJECTS_ROOT, settings.JOBOUTPUT_ROOT])
    hide_paths.extend(getattr(settings, 'AWX_PROOT_HIDE_PATHS', None) or [])
    for path in sorted(set(hide_paths)):