open-nomad/client/allocrunner/taskrunner/getter
Seth Hoenig ff4503aac6
client: disable running artifact downloader as nobody (#16375)
* client: disable running artifact downloader as nobody

This PR reverts a change from Nomad 1.5 where artifact downloads were
executed as the nobody user on Linux systems. This was done as an attempt
to improve the security model of artifact downloading where third party
tools such as git or mercurial would be run as the root user with all
the security implications thereof.

However, doing so conflicts with Nomad's own advice for securing the
Client data directory - which when setup with the recommended directory
permissions structure prevents artifact downloads from working as intended.

Artifact downloads are at least still now executed as a child process of
the Nomad agent, and on modern Linux systems make use of the kernel Landlock
feature for limiting filesystem access of the child process.

* docs: update upgrade guide for 1.5.1 sandboxing

* docs: add cl

* docs: add title to upgrade guide fix
2023-03-08 15:58:43 -06:00
..
error.go
error_test.go
params.go artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
params_test.go artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
replacer_test.go
sandbox.go artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
sandbox_test.go
testing.go artifact: protect against unbounded artifact decompression (1.5.0) (#16151) 2023-02-14 09:28:39 -06:00
util.go
util_default.go
util_linux.go client: disable running artifact downloader as nobody (#16375) 2023-03-08 15:58:43 -06:00
util_linux_test.go
util_test.go
util_windows.go artifact: fix sandbox behavior when destination is shared alloc directory (#15712) 2023-01-09 09:46:32 -06:00
z_getter_cmd.go