buildpacks / tekton-integration

Buildpacks + Tekton

Why does buildpack task require privileged? #29

Open kscherer opened 3 years ago

kscherer commented 3 years ago

I would love to integrate the buildpack tekton tasks into our pipelines but the use of privileged access isn't going to get past our security review.

https://github.com/buildpacks/tekton-integration/blob/main/task/buildpacks/0.3/buildpacks.yaml#L118

Is it required for the chown? I am using the kaniko task and it uses runAsUser: 0 but not privileged. Ideally it would be possible to build images without any elevated permissions.

GijsvanDulmen commented 2 years ago

We had the same question! :-)

jromero commented 2 years ago

Some context here:

image

Links:

zroubalik commented 2 years ago

This has been fixed in https://github.com/tektoncd/catalog/blob/main/task/buildpacks/0.4/buildpacks.yaml. I think we can close this issue.