Changes
Page history
notice lack of ENTRYPOINT
authored
Feb 08, 2021
by
anarcat
Hide whitespace changes
Inline
Side-by-side
service/ci.md
View page @
ae976939
...
@@ -384,7 +384,9 @@ inconsistent at best, see [this other MR](https://gitlab.com/gitlab-org/gitlab-r
...
@@ -384,7 +384,9 @@ inconsistent at best, see [this other MR](https://gitlab.com/gitlab-org/gitlab-r
We are considering
[
podman
](
https://podman.io/
)
for running containers more securely:
We are considering
[
podman
](
https://podman.io/
)
for running containers more securely:
because they can run containers "rootless" (without running as root on
because they can run containers "rootless" (without running as root on
the host), they are generally thought to be better immune against
the host), they are generally thought to be better immune against
container escapes. See
[
those instructions
](
https://github.com/jonasbb/podman-gitlab-runner
)
container escapes. See
[
those instructions
](
https://github.com/jonasbb/podman-gitlab-runner
)
. Do note that custom
executors have limitations that the default Docker executor do not,
see for example the
[
lack of ENTRYPOINT support
](
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27301
)
.
This could also possibly make it easier to build containers inside
This could also possibly make it easier to build containers inside
GitLab CI, which would otherwise require docker-in-docker (DinD),
GitLab CI, which would otherwise require docker-in-docker (DinD),
...
...
...
...
