You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Feb 20, 2020. It is now read-only.
On a macOS worker, in an attempt to reduce unneeded permissions given to tasks, I tried to make as many configuration files as possible owned by root with the user running generic-worker only granted read accoss through a Unix group.
This fails, I assume because generic-worker tries to take ownership of the file configured through signingKeyLocation:
On a macOS worker, in an attempt to reduce unneeded permissions given to tasks, I tried to make as many configuration files as possible owned by
rootwith the user runninggeneric-workeronly granted read accoss through a Unix group.This fails, I assume because generic-worker tries to take ownership of the file configured through
signingKeyLocation:generic-worker/chain_of_trust_all-unix-style.go
Lines 42 to 46 in 2b70c93
Would it be acceptable to not try to take ownership and only check that the file is not world-readable?