2

I'm very new to continuous integration with Docker and Gitlab.

I have a situation where my script in .gitlab-ci.yml needs to encode files with ioncube, but that's not fully possible due to some security restrictions that Docker has placed. Therefore, I need to modify the docker run command that Gitlab runs when I start a job for my Gitlab project.

According to this page...

In addition, a change to the Docker security options on the container will be required to allow for the licensing process to function by using the --security-opt seccomp:unconfined option to the docker run command.

I need to add that extra parameter to the docker run call, but since Gitlab does that somewhere, I have no idea how to proceed.

Is there a way I can get Gitlab to include --security-opt seccomp:unconfined when I run a job?

EDIT: I host Gitlab on my own server.

3
  • Are you using your own gitlab server, or are you asking about a repository hosted on gitlab.com? Commented Jan 8, 2018 at 14:33
  • It's my own Gitlab server. @larsks Commented Jan 8, 2018 at 14:37
  • So to clarify, are you asking how you can modify your Gitlab Runner (which is separate from Gitlab itself) to inject additional parameters when it's executing a Docker image? Commented Jan 8, 2018 at 16:50

1 Answer

7

The GitLab CI Process executes its Pipeline stages/builds via a GitLab Runner. (https://docs.gitlab.com/runner/).

The GitLab Runner is registered to a GitLab instance or a specific GitLab Project. The configuration that you specify in the gitlab-ci.yml file is what gets executed by the Runner. In your case, you're specifying the GitLab Runner to execute a Docker container.

There is some advanced configuration that you can do with the GitLab Runners (https://docs.gitlab.com/runner/configuration/advanced-configuration.html). The setting that you are looking for is in this section: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-docker-section.

On the server that is hosting your GitLab Runner (or in the Docker instance that is hosting your GitLab Runner) modify the config.toml file (probably at /etc/gitlab-runner/config.toml). You should see a [runners.docker] section if you've registered this Runner to execute Docker containers. It is in this section that you want to add in:

security_opt = ["seccomp:unconfined"]

1 Comment

security_opt = ["seccomp:unconfined"] worked for me
