Use unshare --mount in a docker executor?

Hello,

We have a use case to run an executable under test in its own mount namespace due to use of a static directory that cannot be changed. We have the following wrapper:

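#!/bin/sh
# Create the fixed path the executable expects.
mkdir -p <static-directory>
# Bind the per-run temporary directory over it (visible only in this mount namespace).
mount --bind "$TEMPORARY_DIRECTORY" <static-directory>
# Replace the wrapper with the executable under test.
exec <executable-under-test>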

and we can run it with sudo unshare --mount <wrapper>. However, the unshare command fails with unshare: unshare failed: Operation not permitted

I am aware of How CircleCI handles security - CircleCI, and I am wondering how it can be achieved on CircleCI with docker executors. Machine executors are overkill…

Regards,
Boris.
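
For context on the error in the post, an added example (not part of the original post and not CircleCI code): unshare(CLONE_NEWNS) and mount(2) both require CAP_SYS_ADMIN, which Docker's default capability set leaves out, so this script reads CapEff and Seccomp from a /proc status file to show which condition applies. The function names and the two sample status files are constructed for illustration, and it is an assumption that the executor runs with Docker's default capabilities.

```shell
#!/bin/sh
# Added example: diagnose EPERM from `unshare --mount` using /proc status data.

CAP_SYS_ADMIN_BIT=21   # bit index of CAP_SYS_ADMIN in linux/capability.h

# Print the value of a "Name:" field from a /proc/<pid>/status-style file.
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }' "$2"
}

# Exit 0 if the effective set holds CAP_SYS_ADMIN, 1 if not, 2 if unreadable.
# unshare(CLONE_NEWNS) and mount(2) both require this capability.
has_cap_sys_admin() {
    capeff=$(status_field CapEff "$1")
    [ -n "$capeff" ] || return 2
    [ $(( (0x$capeff >> CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# Print a one-word verdict for the given status file.
diagnose() {
    rc=0
    has_cap_sys_admin "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "unknown"
    elif [ "$rc" -eq 1 ]; then
        echo "missing-cap-sys-admin"
    elif [ "$(status_field Seccomp "$1")" = "2" ]; then
        # Filter mode: the syscall may still be denied by the profile.
        echo "seccomp-filter-may-block"
    else
        echo "ok"
    fi
}

# Constructed samples: a default Docker capability mask and a full root mask.
sample_docker() { printf 'Name:\tsh\nCapEff:\t00000000a80425fb\nSeccomp:\t2\n'; }
sample_root()   { printf 'Name:\tsh\nCapEff:\t000001ffffffffff\nSeccomp:\t0\n'; }

# Demo: run both samples, then the current process when /proc is readable.
tmp=$(mktemp)
for s in sample_docker sample_root; do
    "$s" > "$tmp"
    echo "$s: $(diagnose "$tmp")"
done
rm -f "$tmp"
if [ -r /proc/self/status ]; then
    echo "this process: $(diagnose /proc/self/status)"
fi
```

Running it inside the job container shows whether the missing capability or the seccomp filter is the first obstacle; being root under sudo does not by itself add CAP_SYS_ADMIN inside a container.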