51a2212d3d
* client: sandbox go-getter subprocess with landlock This PR re-implements the getter package for artifact downloads as a subprocess. Key changes include On all platforms, run getter as a child process of the Nomad agent. On Linux platforms running as root, run the child process as the nobody user. On supporting Linux kernels, uses landlock for filesystem isolation (via go-landlock). On all platforms, restrict environment variables of the child process to a static set. notably TMP/TEMP now points within the allocation's task directory kernel.landlock attribute is fingerprinted (version number or unavailable) These changes make Nomad client more resilient against a faulty go-getter implementation that may panic, and more secure against bad actors attempting to use artifact downloads as a privilege escalation vector. Adds new e2e/artifact suite for ensuring artifact downloading works. TODO: Windows git test (need to modify the image, etc... followup PR) * landlock: fixup items from cr * cr: fixup tests and go.mod file |
||
|---|---|---|
| .. | ||
| hcl2 | ||
| affinity.mdx | ||
| artifact.mdx | ||
| change_script.mdx | ||
| check.mdx | ||
| check_restart.mdx | ||
| connect.mdx | ||
| constraint.mdx | ||
| csi_plugin.mdx | ||
| device.mdx | ||
| dispatch_payload.mdx | ||
| env.mdx | ||
| ephemeral_disk.mdx | ||
| expose.mdx | ||
| gateway.mdx | ||
| group.mdx | ||
| index.mdx | ||
| job.mdx | ||
| lifecycle.mdx | ||
| logs.mdx | ||
| meta.mdx | ||
| migrate.mdx | ||
| multiregion.mdx | ||
| network.mdx | ||
| parameterized.mdx | ||
| periodic.mdx | ||
| proxy.mdx | ||
| reschedule.mdx | ||
| resources.mdx | ||
| restart.mdx | ||
| scaling.mdx | ||
| service.mdx | ||
| sidecar_service.mdx | ||
| sidecar_task.mdx | ||
| spread.mdx | ||
| task.mdx | ||
| template.mdx | ||
| update.mdx | ||
| upstreams.mdx | ||
| vault.mdx | ||
| volume.mdx | ||
| volume_mount.mdx | ||