Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
mat2
mat2
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 13
    • Issues 13
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 1
    • Merge Requests 1
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • jvoisin
  • mat2mat2
  • Merge Requests
  • !62

Closed
Opened Sep 21, 2019 by madaidan@madaidan
  • Report abuse
Report abuse

Mount a new tmpfs on /tmp and drop all capabilities

  • Overview 9
  • Commits 3
  • Pipelines 3
  • Changes 2

This mounts a new tmpfs on /tmp so any files residing there would be hidden from the sandbox. Many programs store some files in there that might be useful to an attacker.

It also drops all capabilities incase it is ever run with extra capabilities for whatever reason.

Assignee
Assign to
Reviewer
Request review from
None
Milestone
None
Assign milestone
Time tracking
Reference: jvoisin/mat2!62
Source branch: bubblewrap