Docker executor with rootless podman, what are the security implications of privileged mode?

I have a self-hosted GitLab 16.2 instance, and I am currently changing my setup from a shell executor to a docker executor using rootless podman. I configured that following the guide in the GitLab docs. My pipelines work in principle, but I am seeing intermittent failures of at least two different kinds, which may be worth separate topics.

I then somewhat randomly tried to set privileged = true in the [runners.docker] section of the config.toml file, and luckily there are no failures any more. Now my assumption is that privileged mode with a rootless podman setup is much less critical than with podman (or docker) running as root, because I think what this does is podman run --privileged, and the man page says that this only means that the code run in the container can potentially gain access to the host with the permissions of the user that runs podman. Because this is not root in my case (I have a user gitlab-runner for this), the host can only be accessed with the permissions of that user, but not root. So security should be the same as when running the shell executor as user gitlab-runner.

Do I have the right understanding, or am I opening a big security hole with privileged mode on a rootless podman setup?

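An in-job audit, added here as an example and not part of the original question or of GitLab's or podman's own tooling, that shows what the setting under discussion looks like from inside a job container. It reads three things from /proc: the effective capability set (CapEff), the seccomp mode, and the user-namespace uid mapping. The file paths are parameters so the same functions can be run against saved copies; the bit number 21 for CAP_SYS_ADMIN is taken from the kernel's capability numbering. Running it as a script step once with the default runner config and once with privileged = true lets you compare: the capability and seccomp results are what --privileged changes, while the uid_map line is what tells you which host user container root actually is.

```shell
#!/bin/sh
# Added example: audit what a job container actually has.
# Usage inside a CI job step:   sh audit.sh /proc/self

# has_cap STATUSFILE BIT
# Returns 0 if capability number BIT is set in the CapEff hex mask.
# POSIX awk has no bitwise operators, so the nibble holding the bit is
# extracted as a hex digit and the bit is tested with integer division.
has_cap() {
    awk -v bit="$2" '
        /^CapEff:/ {
            hex  = $2
            nib  = substr(hex, length(hex) - int(bit / 4), 1)
            val  = index("0123456789abcdef", tolower(nib)) - 1
            mask = 2 ^ (bit % 4)
            found = int(val / mask) % 2
            seen = 1
        }
        END { exit !(seen && found) }' "$1"
}

# seccomp_mode STATUSFILE
# Prints the Seccomp: value: 0 = no filter, 1 = strict, 2 = filter.
# A privileged podman container reports 0 because the filter is disabled.
seccomp_mode() {
    awk '/^Seccomp:/ { print $2 }' "$1"
}

# host_uid_for UIDMAPFILE CUID
# Prints the host uid that container uid CUID maps to, or "unmapped".
# uid_map lines are: <container start> <host start> <count>.
# In a rootless setup uid 0 maps to the user running podman, so "root"
# in the container is that unprivileged account on the host.
host_uid_for() {
    awk -v cuid="$2" '
        {
            if (cuid + 0 >= $1 + 0 && cuid + 0 < $1 + $3) {
                print $2 + (cuid - $1)
                found = 1
                exit
            }
        }
        END { if (!found) print "unmapped" }' "$1"
}

# audit PROCDIR
# Prints the three checks for the process directory given (e.g. /proc/self).
audit() {
    d="$1"
    if has_cap "$d/status" 21; then
        echo "CAP_SYS_ADMIN: present in CapEff"
    else
        echo "CAP_SYS_ADMIN: absent from CapEff"
    fi
    echo "seccomp mode: $(seccomp_mode "$d/status")  (0 = no filter)"
    echo "container uid 0 maps to host uid: $(host_uid_for "$d/uid_map" 0)"
}

# Only run the audit when a process directory is passed on the command line.
if [ $# -eq 1 ] && [ -d "$1" ]; then
    audit "$1"
fi
```

Read the output together: all capabilities plus seccomp mode 0 is what privileged = true buys the job, and it is what lets a job reach devices and mounts the runner user can already open; the uid_map line shows that none of that escapes the user namespace, which is the part of the question that the man page statement is about.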

Hello, did you ever confirm this? I am thinking the same about setting up the runner in rootless docker, and I am having trouble with the runner not connecting to the instance.