Run some services as non-root users (!438) · Merge requests · gfx-ci / CI-tron · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

clayton craft requested to merge craftyguy/valve-infra:no-root-services into master Dec 05, 2022

This is a partial implementation to fix #26 (closed), the following services now run as a non-root user:

These services still run as root:

telegraf -- this runs as a privileged container... why?
executor -- runs dnsmasq, which needs to bind to ports <1000

Edited Dec 09, 2022 by Martin Roukala