
gitlab_runner: try to protect the VM runner kernel from the root user

nl6720 requested to merge nl6720/infrastructure:vm_runner-lockdown into master

Enable kernel lockdown in confidentiality mode to restrict how the root user can interact with the kernel.

See https://wiki.archlinux.org/title/Security#Kernel_lockdown_mode and https://man.archlinux.org/man/kernel_lockdown.7.

This may or may not improve ~security.
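A check that could be run on the VM runner to confirm the lockdown mode actually took effect, added here as an example and not part of the merge request. It parses `/sys/kernel/security/lockdown`, where the kernel brackets the active mode; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify kernel lockdown state from securityfs.
# File content looks like "none integrity [confidentiality]";
# the bracketed word is the active mode.

# Print the active mode parsed from the file content given in $1.
active_lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Rank the modes so a stricter mode satisfies a weaker requirement.
lockdown_rank() {
    case "$1" in
        none) echo 0 ;;
        integrity) echo 1 ;;
        confidentiality) echo 2 ;;
        *) echo -1 ;;   # unknown or unparsable: never satisfies anything
    esac
}

# Return 0 if the state in $1 is at least as strict as required mode $2.
lockdown_at_least() {
    active=$(active_lockdown_mode "$1")
    have=$(lockdown_rank "$active")
    want=$(lockdown_rank "$2")
    [ "$want" -ge 0 ] && [ "$have" -ge "$want" ]
}

# Check a live system (or a file passed as $2, for testing).
# Fails closed when the file is missing: lockdown LSM not enabled
# in the kernel, or securityfs not mounted.
check_lockdown() {
    required=${1:-confidentiality}
    file=${2:-/sys/kernel/security/lockdown}
    if [ ! -r "$file" ]; then
        echo "FAIL: $file not readable" >&2
        return 2
    fi
    state=$(cat "$file")
    if lockdown_at_least "$state" "$required"; then
        echo "OK: lockdown mode is $(active_lockdown_mode "$state")"
    else
        echo "FAIL: state '$state' does not meet '$required'" >&2
        return 1
    fi
}
```

Running `check_lockdown confidentiality` on the runner returns non-zero if the kernel booted without lockdown or only in integrity mode.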
