    Mount a new tmpfs on /tmp and drop all capabilities · 58773088
    madaidan authored
    This mounts a new tmpfs on /tmp so any files residing there would be hidden
    from the sandbox. Many programs store some files in there that might be useful
    to an attacker.  It also drops all capabilities in case it is ever run with
    extra capabilities for whatever reason.
