Open mikewaters opened 10 years ago
If we run each job in an isolated environment (LXC container / chroot) and someone does an rm -rf, then they kinda deserve it :wink:
I think it's going to be really difficult to control that sort of thing. A user may want to legitimately rm -rf build dist as part of their build steps.
This definitely needs more discussion and thought.
I am wondering how we want to approach job sandboxing; an errant rm -rf in a build job could wreak havoc on a worker. The question is, do we want to use something that is guaranteed to be installed on a worker (like chroot for osx/linux), or require workers to install something OS-specific (LXC for linux etc.)? The former would be simple but not robust, while the latter would be ... complicated.
Thoughts @gregarmer ?