-
New Feature
-
Resolution: Unresolved
-
Minor
-
None
We'd like to be able to provide node isolation from the build containers. One major way to ensure this is to restrict the ability to create privileged containers to the Jenkins Configuration.
The privileged containers can then be restricted in the manner the end user needs to prevent further abuse.
- is related to
-
JENKINS-45680 Allow non-admins to manage kubernetes pod slaves
-
- Open
-
The driving use case for this is DIND setups - allowing the docker daemon to reachable to other containers in the pod.
Using Authz, we can prevent the ability to to abuse the DIND daemon, but we need to then restrict the ability of others to bypass this by spinning up their containers in a pod that are privileged.