Gitlab-ci specific runners availability policy for other users?

Hello gitlab-community!

I managed to set up a build and test environment for a small project and register some specific runners for the project. However, first thing i noticed was that my other projects on the gitlab instance now show the same registered runners as “available”, with the option to activate them for the project. So far this seems fine and working as intended, even if I expected a specific runner to be associated to only the repository i registered it to via the project token.
However, I also noticed that some other users now see my runners available for their projects. It seems that not everybody sees them, only some users. Since the gitlab instance is quite big (university run) this is obviously a problem if random people can use my build machine.
Therefore, my question is what exactly the policy is for other people to see specific runners for their projects and if there is any way to control/restrict this. I could not find any documentation on this either…


Just as an update to anyone wondering:
So far I have been able to anderstand this much: The runners are available to anyone who is part of a project that uses the runner. So, anyone that is invited to a project can enable the runners to build any other project they are part of, which makes control over who is accessing the runners rather difficult. It feels like there should be a way to control this better or at least optionally restrict a runner to really only run for a specific project, or at least this should be documented somewhere as it might pose quite a big privacy/security problem for the the runner instances.



We just discovered a user-registered runner on our system. I, too, would like the ability to prevent, or at least better control, runner availability. I suspect that it would not be hard to harvest information from other users. I’ll either raise an issue and/or add a feature request.