Why does buildpack task require privileged?

Open kscherer opened this issue 3 years ago • 3 comments

I would love to integrate the buildpack tekton tasks into our pipelines but the use of privileged access isn't going to get past our security review.

https://github.com/buildpacks/tekton-integration/blob/main/task/buildpacks/0.3/buildpacks.yaml#L118

Is it required for the chown? I am using the kaniko task and it uses runAsUser: 0 but not privileged. Ideally it would be possible to build images without any elevated permissions.

kscherer avatar Apr 15 '21 16:04 kscherer

We had the same question! :-)

GijsvanDulmen avatar Jan 12 '22 08:01 GijsvanDulmen

Some context here:

Links:

  • https://tektoncd.slack.com/archives/CK9JGKS20/p1641975644014700
  • https://github.com/tektoncd/catalog/issues/197
  • https://github.com/tektoncd/catalog/pull/899

jromero avatar Jan 18 '22 16:01 jromero

This has been fixed in https://github.com/tektoncd/catalog/blob/main/task/buildpacks/0.4/buildpacks.yaml. I think we can close this issue.

zroubalik avatar Jun 08 '22 19:06 zroubalik