jupyterhub-ssh should run as an unprivileged process, with the
container quite locked down in the helm configuration.
jupyterhub-sftp requires CAP_SYS_ADMIN and root, so we can
bind mount user home directories & sshd can chroot into them.
However, we should drop all other permissions there.
So I played around with this, and dropped privs for the ssh process. However, jupyterhub-sftp still needs to run privileged, since it bind mounts and sshd chroots. CAP_SYS_ADMIN wasn't enough for the bind-mounting, although it was for chrooting....
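
The split described in this thread, sketched as Kubernetes container `securityContext` settings. This is an added example, not the project's actual Helm chart: the container names, image placeholders and UID are assumptions, and only the standard Kubernetes `securityContext` fields are real.

```yaml
# Added illustration: pod spec fragment with hypothetical container names.
containers:
  # SSH front end: no root, no capabilities, no way to regain privileges.
  - name: jupyterhub-ssh            # hypothetical container name
    image: <jupyterhub-ssh-image>   # placeholder
    securityContext:
      runAsNonRoot: true
      runAsUser: 1000               # assumed unprivileged UID
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]

  # SFTP side: bind mounts home directories and sshd chroots into them.
  # Per the comment above, adding only CAP_SYS_ADMIN was enough for the
  # chroot but not for the bind mount, so this container stays privileged.
  - name: jupyterhub-sftp           # hypothetical container name
    image: <jupyterhub-sftp-image>  # placeholder
    securityContext:
      runAsUser: 0
      privileged: true
```

Because `privileged: true` grants every capability, a `capabilities.drop` list on the SFTP container would not narrow it; the reduction in exposure comes from keeping the SSH container locked down and separate.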