Sandbox mode
Opened this issue · 0 comments
aleozlx commented
- Only containerized steps are allowed.
- Possibly use unprivileged containers only??
- Partial context filter plugin for security hardening: filter partial context through a program specified in /etc (which takes yaml and outputs a yaml represented context). e.g. types of images to use etc.
- Pass
--security-opt
flag (https://docs.docker.com/engine/reference/run/#security-configuration) to support many mandatory access control systems.