Attention une mise à jour du service Gitlab va être effectuée le mardi 30 novembre entre 17h30 et 18h00. Cette mise à jour va générer une interruption du service dont nous ne maîtrisons pas complètement la durée mais qui ne devrait pas excéder quelques minutes. Cette mise à jour intermédiaire en version 14.0.12 nous permettra de rapidement pouvoir mettre à votre disposition une version plus récente.

Commit d27d6499 authored by BAIRE Anthony's avatar BAIRE Anthony
Browse files

change the job work directory: /tmp -> /work

Previous code put the job files into /tmp and used this directory
as the current directory for running the job, which is disturbing
because we do not have a standard place where to put temporary files.

It is essential to change this now because since jobs are no longer
run as the root user, it is no longer possible to create arbitrary tmp
directories during the job.

BTW app developers should consider that the job execution dir is
parent e688e0d3
......@@ -1069,11 +1069,12 @@ class JobManager(Manager):
assert info.version == "sandbox"
image = tmp_img = info.client.commit(ctrl.gen_sandbox_name(webapp), repo, info.version)["Id"]
# TODO use another workdir
ctrl.check_host_path("isdir", job_path)
hc = ctrl.sandbox.create_host_config(
binds = {job_path: {"bind": "/tmp"}},
# mount the job data dir at an arbitrary location
# (/work). This is better that using /tmp because it
# keeps /tmp available for storing temporary files
binds = {job_path: {"bind": "/work"}},
# disable all capabilities (for security reason)
cap_drop = ["all"],
# disable network access (for security reason)
......@@ -1101,7 +1102,8 @@ class JobManager(Manager):
# /var/lib/docker with the 'nosuid' flag on nodes that
# run jobs
user = ctrl.job_user,
working_dir = "/tmp",
# run the job in job data dir
working_dir = "/work",
# NOTE: the command line is a little complex, but this is
# to ensure that (TODO write tests for this):
# - no output is lost (we go though a pipe in case the
......@@ -1128,7 +1130,7 @@ class JobManager(Manager):
trap "sighnd TERM ABORT" TERM
trap "sighnd ALRM TIMEOUT" ALRM
mkfifo "$fifo" 2>&1 | tee -a allgo.log || exit $?
exec cat <"$fifo" | tee -a allgo.log &
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment