Skip to content

Commit 165c908

Browse files
rbanka1rbanka1
committed
security fix
1 parent 57d71a4 commit 165c908

File tree

3 files changed

+2
-3
lines changed

3 files changed

+2
-3
lines changed

.github/scripts/install_oneAPI.sh

100644100755
File mode changed.

.github/workflows/reusable_basic.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
runs-on: ubuntu-latest
2020
container:
2121
image: ghcr.io/bb-ur/umf-${{ matrix.os }}:latest
22-
options: --privileged
22+
options: --user test_user --cap-add=SYS_NICE --cap-add=SYS_ADMIN --cap-add=CAP_SYS_RESOURCE --cap-add=CAP_SETUID --cap-add=CAP_KILL --cap-add=SYS_PTRACE --cgroupns=host
2323
volumes:
2424
- ${{ github.workspace }}:${{ github.workspace }}
2525
strategy:
@@ -157,7 +157,6 @@ jobs:
157157
158158
- name: Install oneAPI basekit
159159
if: matrix.compiler.cxx == 'icpx'
160-
# Installing via script to avoid installing multi-line bash command by root
161160
run: |
162161
echo "${USERPASS}" | sudo -Sk ./.github/scripts/install_oneAPI.sh
163162

.github/workflows/reusable_fast.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
runs-on: ${{ github.repository_owner == 'oneapi-src' && 'intel-ubuntu-22.04' || 'ubuntu-22.04' }}
1818
container:
1919
image: ghcr.io/bb-ur/umf-${{ matrix.os }}:latest
20-
options: --user test_user --privileged
20+
options: --user test_user --cap-add=SYS_NICE --cap-add=SYS_ADMIN --cap-add=CAP_SYS_RESOURCE --cap-add=CAP_SETUID --cap-add=CAP_KILL --cap-add=SYS_PTRACE --cgroupns=host
2121
volumes:
2222
- ${{ github.workspace }}:${{ github.workspace }}
2323
strategy:

0 commit comments

Comments
 (0)