executor: run trusted playbook in a bubblewrap

This change renames untrusted_wrapper to execution_wrapper and uses bubblewrap for both trusted and untrusted playbooks by default. This change adds new options to the zuul.conf executor section to let operators define what directories to mount ro or rw for both context: * trusted_ro_dirs/trusted_rw_dirs, and * untrusted_ro_dirs/untrusted_rw_dirs Change-Id: I9a8a74a338a8a837913db5e2effeef1bd949a49c Story: 2001070 Task: 4687
2017-06-15 06:00:12 +00:00
parent 2438860823
commit 44aef15d6e
7 changed files with 45 additions and 15 deletions
--- a/zuul/driver/nullwrap/init.py
+++ b/zuul/driver/nullwrap/init.py
@@ -26,3 +26,6 @@ class NullwrapDriver(Driver, WrapperInterface):

    def getPopen(self, **kwargs):
        return subprocess.Popen
+
+    def setMountsMap(self, **kwargs):
+        pass