| author | madaidan | 2019-09-21 06:33:49 -0700 |
|---|---|---|
| committer | jvoisin | 2019-10-05 15:21:40 +0200 |
| commit | 58773088ac1ee1fff8a2f1913442d68b2726daf6 (patch) | |
| tree | 0021946482095ab454fa99692ec7f0c0cd9d7559 /.gitlab-ci.yml | |
| parent | 37145531854879081fddd6019bdb9ba693210cf2 (diff) | |
Mount a new tmpfs on /tmp and drop all capabilities
This mounts a new tmpfs on /tmp so any files residing there would be hidden
from the sandbox. Many programs store some files in there that might be useful
to an attacker. It also drops all capabilities in case it is ever run with
extra capabilities for whatever reason.
Diffstat (limited to '.gitlab-ci.yml')
| -rw-r--r-- | .gitlab-ci.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 35bd62d..5713d5b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml | |||
| @@ -16,7 +16,7 @@ linting:bandit: | |||
| 16 | script: # TODO: remove B405 and B314 | 16 | script: # TODO: remove B405 and B314 |
| 17 | - bandit ./mat2 --format txt --skip B101 | 17 | - bandit ./mat2 --format txt --skip B101 |
| 18 | - bandit -r ./nautilus/ --format txt --skip B101 | 18 | - bandit -r ./nautilus/ --format txt --skip B101 |
| 19 | - bandit -r ./libmat2 --format txt --skip B101,B404,B603,B405,B314 | 19 | - bandit -r ./libmat2 --format txt --skip B101,B404,B603,B405,B314,B108 |
| 20 | 20 | ||
| 21 | linting:codespell: | 21 | linting:codespell: |
| 22 | image: $CONTAINER_REGISTRY:linting | 22 | image: $CONTAINER_REGISTRY:linting |
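Review bot: Adding B108 to the `--skip` list on the `bandit -r ./libmat2` line (line 19) turns off the hardcoded temporary directory check for the whole libmat2 tree, not only for the one place where the sandbox mounts a tmpfs on /tmp. Any later code in libmat2 that writes to a fixed path under /tmp would then pass linting unnoticed. Consider leaving B108 enabled in CI and marking the single intended /tmp reference with a `# nosec` comment that explains it is the sandbox mount target. If the global skip stays, the comment on line 16 (`# TODO: remove B405 and B314`) should also say why B108 is skipped, since it currently reads as if only those two entries are temporary.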
