I've set the script to be sandboxed in the Job DSL script, though it looks link only a marginal improvement because of the need to approve missing method signatures.
What would the Job DSL plugin need to do to automatically approve the non-sandboxed script it sets in a job? As you mention, security here is already being by-passed when the Job DSL plugin is in use. - David On Thursday, August 13, 2015 at 12:05:14 AM UTC+3, Jesse Glick wrote: > > On Tuesday, July 21, 2015 at 4:17:51 PM UTC-4, David Resnick wrote: >> >> How can I have the workflow job script updated via Job DSL without having >> to approve the script each time it changes? >> > > If the Job DSL plugin supports setting sandbox=true here, use that. > However it would be a nice enhancement for the Job DSL integration to > automatically approve a flow definition with sandbox=false that it creates. > (Job DSL builds have unrestricted access to Jenkins so anything created > that way can be assumed to be from a superuser. I am not even sure how you > would secure a Jenkins installation containing this plugin, unless you are > using only basic security levels like “any logged-in user”.) > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/0e341cce-c18e-4779-9b94-543aea0f4b89%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
