
gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
authorfeistel <6742251-feistel@users.noreply.gitlab.com>2021-08-10 19:44:16 +0300
committerfeistel <6742251-feistel@users.noreply.gitlab.com>2021-10-07 16:40:43 +0300
commitdc7d694f00eadd078a05991bff7c78cb29efeff4 (patch)
treeca2c07cc40a46e67623c598a6735d49458a2e157 /internal
parent64f914a804a4da8a521c5cbe7df1b8cb73f45a4f (diff)
refactor: stop running gitlab-pages as root
We have now disabled chroot by default since %14.1, and recently removed support for disk-based configuration coming in %14.3. And we've also removed the chroot completely from Pages. Since nginx can do TCP proxying and there's no need to use privileged ports, Pages has been confirmed to run as non-root in k8s environment without any issues. This MR removes support for the gitlab-pages daemon completely. Changelog: removed
Diffstat (limited to 'internal')
-rw-r--r--internal/config/config.go13
-rw-r--r--internal/config/flags.go4
2 files changed, 2 insertions, 15 deletions
diff --git a/internal/config/config.go b/internal/config/config.go
index 71ff0eed..860ea4be 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -18,7 +18,6 @@ type Config struct {
General General
ArtifactsServer ArtifactsServer
Authentication Auth
- Daemon Daemon
GitLab GitLab
Listeners Listeners
Log Log
@@ -80,12 +79,6 @@ type Auth struct {
Scope string
}
-// Daemon groups settings related to configuring GitLab Pages daemon
-type Daemon struct {
- UID uint
- GID uint
-}
-
// Cache configuration for GitLab API
type Cache struct {
CacheExpiry time.Duration
@@ -215,10 +208,6 @@ func loadConfig() (*Config, error) {
RedirectURI: *redirectURI,
Scope: *authScope,
},
- Daemon: Daemon{
- UID: *daemonUID,
- GID: *daemonGID,
- },
Log: Log{
Format: *logFormat,
Verbose: *logVerbose,
@@ -281,8 +270,6 @@ func LogConfig(config *Config) {
log.WithFields(log.Fields{
"artifacts-server": *artifactsServer,
"artifacts-server-timeout": *artifactsServerTimeout,
- "daemon-gid": *daemonGID,
- "daemon-uid": *daemonUID,
"default-config-filename": flag.DefaultConfigFlagname,
"disable-cross-origin-requests": *disableCrossOriginRequests,
"domain": config.General.Domain,
diff --git a/internal/config/flags.go b/internal/config/flags.go
index aa5bf1c5..6523c20a 100644
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@@ -21,8 +21,8 @@ var (
metricsAddress = flag.String("metrics-address", "", "The address to listen on for metrics requests")
sentryDSN = flag.String("sentry-dsn", "", "The address for sending sentry crash reporting to")
sentryEnvironment = flag.String("sentry-environment", "", "The environment for sentry crash reporting")
- daemonUID = flag.Uint("daemon-uid", 0, "Drop privileges to this user")
- daemonGID = flag.Uint("daemon-gid", 0, "Drop privileges to this group")
+ _ = flag.Uint("daemon-uid", 0, "Drop privileges to this user")
+ _ = flag.Uint("daemon-gid", 0, "Drop privileges to this group")
_ = flag.Bool("daemon-enable-jail", false, "DEPRECATED and ignored, will be removed in 15.0")
_ = flag.Bool("daemon-inplace-chroot", false, "DEPRECATED and ignored, will be removed in 15.0") // TODO: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/599
propagateCorrelationID = flag.Bool("propagate-correlation-id", false, "Reuse existing Correlation-ID from the incoming request header `X-Request-ID` if present")
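Review bot: The retained `daemon-uid` and `daemon-gid` flags are now parsed and discarded, but their usage strings still say "Drop privileges to this user" and "Drop privileges to this group". A deployment that starts Pages as root and relies on these flags would keep running as root with nothing in `--help` or the logs saying so. The usage text should state that the flag is ignored, as the two `daemon-enable-jail` / `daemon-inplace-chroot` lines below already do, e.g. `_ = flag.Uint("daemon-uid", 0, "DEPRECATED and ignored, Pages no longer drops privileges")`, and the same for `daemon-gid`. The startup path is not visible in this hunk, so this is a suggestion to confirm: keep the parsed values long enough to log a warning when either is non-zero or when the effective UID is 0, so the change fails loudly rather than silently. The `var (` block starts and ends outside the hunk.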