yuvipanda
commented
4 years ago So I played around with this, and dropped privs for the ssh process. However, jupyterhub-sftp still needs to run privileged, since it bind mounts and sshd chroots. CAP_SYS_ADMIN wasn't enough for the bind-mounting, although it was for chrooting....
jupyterhub-ssh should run as an unprivileged process, with the container quite locked down in the helm configuration.
jupyterhub-sftp requires
CAP_SYSADMINandroot, so we can bind mount user home directories & sshd can chroot into them. However, we should drop all other permissions there.