This is particularly important for FLOSS projects wanting to use Jenkins 
and test GitHub PRs with it.

This was triggered by a problem with one PR that, for some reason, ended 
up with a workspace without a git repo in it, combined with the fact that 
we use git itself to version the Jenkins configuration.
So, when this happened, the pipeline script included a command to make sure 
the repo is clean, using `git reset --hard`. Since there was no `.git` in 
the workspace, the Jenkins config git was affected, thus losing data.

So it looks like the workspace is not isolated via `chroot` or other means. 
What happens if a malicious user just uses `rm -rf $JENKINS_HOME` as the 
pipeline build script in a PR?

How would you recommend protecting against this kind of issue? Is there 
any way to force all pipeline jobs to run inside a Docker container *before* 
running any commands found in the Jenkinsfile?

Thank you!

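The accidental failure described in the message above, as an added example that is not part of the original post: when a workspace has no `.git`, git searches the parent directories and operates on whatever enclosing repository it finds, so a cleanup step can check that the workspace is its own repository root before resetting. The function names `workspace_is_repo_root` and `guarded_reset` are hypothetical, and the check covers only this accidental case, not a hostile build script.

```shell
#!/bin/sh
# Added example: only run `git reset --hard` when the workspace itself is the
# top level of a git work tree. Function names are hypothetical.

# workspace_is_repo_root DIR
# Returns 0 only if DIR is the top level of its own git work tree.
workspace_is_repo_root() {
    ws=$1
    [ -d "$ws" ] || return 1
    # Resolve symlinks so the comparison is made on physical paths.
    ws_real=$(cd "$ws" && pwd -P) || return 1
    # With no .git in DIR, git walks up the parent directories and may find
    # an enclosing repository (here: a git-versioned JENKINS_HOME).
    top=$(git -C "$ws_real" rev-parse --show-toplevel 2>/dev/null) || return 1
    top_real=$(cd "$top" && pwd -P) || return 1
    [ "$top_real" = "$ws_real" ]
}

# guarded_reset DIR
# Resets DIR to HEAD, or refuses (non-zero) if DIR is not a repository root.
guarded_reset() {
    if workspace_is_repo_root "$1"; then
        git -C "$1" reset --hard --quiet
    else
        echo "refusing git reset: $1 is not the root of its own repository" >&2
        return 1
    fi
}
```

Git's `GIT_CEILING_DIRECTORIES` environment variable can additionally stop repository discovery from walking above the workspace.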