Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
0.28.2, 1.0.1
-
None
Description
Currently, if the task defines a container image, the command executor will be run under root because it needs to perform pivot_root.
That means if the task wants to run under an unprivileged user, the sandbox of that task will not be writable because it's owned by root.