Turn off 'noexec' option by default for named volumes #6325
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
Ed's 160-volumes test has leaked in, but I don't think adding extra testing here is a bad thing. |
|
LGTM assuming happy tests |
|
LGTM. Thank you for bringing in the (new) tests rather than skipping them. |
|
Grumble - maybe the tests weren't such a good idea. One of the failures is almost certainly due to the CapItAliZaTion changes. The other, a failing I'm OK if you want to just remove those failing tests. |
We previously enforced this for security reasons, but as Dan has explained on several occasions, it's not very valuable there (it's trivially easy to bypass) and it does seriously annoy folks trying to use named volumes. Flip the default from 'on' to 'off'. This is a backport from the master branch to v1.9 branch. Signed-off-by: Matthew Heon <[email protected]>
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
/lgtm |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
github-actions
bot
added
the
locked - please file new issue/PR
We previously enforced this for security reasons, but as Dan has explained on several occasions, it's not very valuable there (it's trivially easy to bypass) and it does seriously annoy folks trying to use named volumes. Flip the default from 'on' to 'off'.
This is a backport from the master branch to v1.9 branch.