github.com/ssube/gitlab-ci-multi-runner@v1.2.1-0.20160607142738-b8d1285632e6/docs/security/index.md (about) 1 ## Security of running jobs 2 3 When using `gitlab-ci-multi-runner` you should be aware of potential security implications when running your jobs. 4 5 ### Usage of Shell executor 6 7 **Generally it's unsafe to run tests with `shell` executors.** The jobs are run with user's permissions (gitlab-ci-multi-runner's) and can steal code from other projects that are run on this server. Use only it for running the trusted builds. 8 9 ### Usage of Docker executor 10 11 **Docker can be considered safe when run in non-privileged mode.** To make such setup more secure it's advised to run jobs as user (non-root) in Docker containers with disabled sudo or dropped `SETUID` and `SETGID` capabilities. 12 13 On the other hand there's privileged mode which enables full access to host system, permission to mount and umount volumes and run nested containers. It's not advised to run containers in privileged mode. 14 15 More granular permissions can be configured in non-privileged mode via the `cap_add`/`cap_drop` settings. 16 17 ## Systems with Docker installed 18 19 **This applies to installations below 0.5.0 or one's that were upgraded to newer version** 20 21 When installing package on Linux systems with Docker installed, `gitlab-ci-multi-runner` will create user that will have permisssion to access `Docker` daemon. This makes the jobs run with `shell` executor able to access `docker` with full permissions and potenially allows root access to the server. 22 23 ### Usage of SSH executor 24 25 **SSH executors are susceptible to MITM attack (man-in-the-middle)**, because of missing `StrictHostKeyChecking` option. This will be fixed in one of the future releases. 26 27 ### Usage of Parallels executor 28 29 **Parallels executor is the safest possible option**, because it uses full system virtualization and with VM machines that are configured to run in isolated mode it blocks access to all peripherials and shared folders.