aleozlx/playbook-rs

Sandbox mode

Opened this issue · 0 comments

  • Only containerized steps are allowed.
  • Possibly use unprivileged containers only??
  • Partial context filter plugin for security hardening: filter partial context through a program specified in /etc (which takes yaml and outputs a yaml represented context). e.g. types of images to use etc.
  • Pass --security-opt flag (https://docs.docker.com/engine/reference/run/#security-configuration) to support many mandatory access control systems.