diff options
author | Jaime Martinez <jmartinez@gitlab.com> | 2021-07-02 05:18:39 +0300 |
---|---|---|
committer | Jaime Martinez <jmartinez@gitlab.com> | 2021-07-12 06:33:45 +0300 |
commit | 4d1dcf7933442c4b062b85fe26a2aa6cc75a078d (patch) | |
tree | d666b9d1ed7b452a439e9c8761701acae694ffc0 /README.md | |
parent | 98303e171b4e7ce5152cadb71afaded07944f92c (diff) |
Disable chroot and add daemon-enable-jail flag
- Disable chroot mechanism by default.
- Adds the daemon-enable-jail flag which will allow users
to enable the legacy chroot mechanism if anything goes wrong.
This flag won't be available via Omnibus, instead users will
need to define the environment variable and pass to Pages.
- Simplify chroot logic from http_fs
- Update jail documentation
- Enable chroot when domain-config-source=disk
Changelog: changed
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -83,6 +83,11 @@ See [doc/development.md](doc/development.md) ### Run daemon **in secure mode** +**Update**: + +Starting from GitLab 14.1 the +[jailing/chroot mechanism is disabled by default](https://docs.gitlab.com/ee/administration/pages/#jailing-mechanism-disabled-by-default-for-api-based-configuration). + When compiled with `CGO_ENABLED=0` (which is the default), `gitlab-pages` is a static binary and so can be run in chroot with dropped privileges. |