2

I'm very new to continuous integration with Docker and Gitlab.

I have a situation where my script in .gitlab-ci.yml needs to encode files with ioncube, but that's not fully possible due to some security restrictions that Docker has placed. Therefore, I need to modify the docker run command that Gitlab runs when I start a job for my Gitlab project.

According to this page...

In addition, a change to the Docker security options on the container will be required to allow for the licensing process to function by using the --security-opt seccomp:unconfined option to the docker run command.

I need to add that extra parameter to the docker run call, but since Gitlab does that somewhere, I have no idea how to proceed.

Is there a way I can get Gitlab to include --security-opt seccomp:unconfined when I run a job?

EDIT: I host Gitlab on my own server.

3
  • Are you using your own gitlab server, or are you asking about a repository hosted on gitlab.com? Commented Jan 8, 2018 at 14:33
  • It's my own Gitlab server. @larsks Commented Jan 8, 2018 at 14:37
  • So to clarify, are you asking how you can modify your Gitlab Runner (which is separate from Gitlab itself) to inject additional parameters when it's executing a Docker image? Commented Jan 8, 2018 at 16:50

1 Answer

7

The GitLab CI Process executes its Pipeline stages/builds via a GitLab Runner. (https://docs.gitlab.com/runner/).

The GitLab Runner is registered to a GitLab instance or a specific GitLab Project. The configuration that you specify in the gitlab-ci.yml file is what gets executed by the Runner. In your case, you're specifying the GitLab Runner to execute a Docker container.

There is some advanced configuration that you can do with the GitLab Runners (https://docs.gitlab.com/runner/configuration/advanced-configuration.html). The setting that you are looking for is in this section: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-docker-section.

On the server that is hosting your GitLab Runner (or in the Docker instance that is hosting your GitLab Runner) modify the config.toml file (probably at /etc/gitlab-runner/config.toml). You should see a [runners.docker] section if you've registered this Runner to execute Docker containers. It is in this section that you want to add in:

security_opt = ["seccomp:unconfined"]

1 Comment

security_opt = ["seccomp:unconfined"] worked for me
