- gitea
- actions
- docker
- ci
- exploitarium
Gitea act_runner container.options Host Namespace Bypass
Workflow `container.options` preserves --pid=host and cap-add=ALL while Privileged=false — nsenter writes host marker from job container.
Summary
The job container keeps `--pid=host` and `cap-add=ALL` from the workflow's `container.options` even though act_runner forces Privileged=false, so nsenter run inside the job container can write a marker file on the host. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.
Key Findings
| Finding | Detail |
|---|---|
| Product / target | Gitea act_runner (Docker-backed) |
| Primitive | mergeContainerConfigs keeps user-supplied HostConfig fields even when Privileged is forced to false |
| Impact | Untrusted workflow on shared runner → host PID namespace access and root marker command. |
Attack Chain
YAML options → act_runner exec → nsenter → /tmp marker on host
Mitigation
Sanitize or block workflow `container.options` before they reach Docker; run dedicated ephemeral runners per trust zone.
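One way to implement the "sanitize or block" step, as an added example that is not act_runner's or the PoC's code: it tokenizes a `container.options` string the way docker run would and flags host-namespace, capability and mount flags, then applies that to each job of a workflow. The flag names are standard `docker run` flags; the sample workflow dict is constructed to mirror the PoC's shape (load real files with a YAML parser first).

```python
"""Flag host-namespace, capability and mount flags in workflow container.options."""
import shlex

BOOLEAN_FLAGS = {"--privileged"}                      # finding on mere presence
NAMESPACE_FLAGS = {"--pid", "--ipc", "--network", "--net", "--userns", "--cgroupns"}
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH"}
UNCONFINED = {"apparmor=unconfined", "seccomp=unconfined"}
HOST_RESOURCE_FLAGS = {"-v", "--volume", "--mount", "--device"}


def _split_flag(tokens, i):
    """Return (name, value, tokens_consumed) for tokens[i], accepting --x=v and --x v."""
    tok = tokens[i]
    if "=" in tok:
        name, value = tok.split("=", 1)
        return name, value, 1
    if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
        return tok, tokens[i + 1], 2
    return tok, None, 1


def audit_container_options(options: str) -> list[str]:
    """Return one finding string per dangerous flag in a container.options value."""
    findings, tokens, i = [], shlex.split(options or ""), 0
    while i < len(tokens):
        name, value, used = _split_flag(tokens, i)
        i += used
        if name in BOOLEAN_FLAGS:
            findings.append(f"{name}: privileged container")
        elif name in NAMESPACE_FLAGS and value == "host":
            findings.append(f"{name}=host: joins host namespace")
        elif name == "--cap-add" and value and value.upper().removeprefix("CAP_") in DANGEROUS_CAPS:
            findings.append(f"--cap-add={value}: dangerous capability")
        elif name == "--security-opt" and value and value.lower() in UNCONFINED:
            findings.append(f"--security-opt={value}: disables LSM/seccomp confinement")
        elif name in HOST_RESOURCE_FLAGS and value:
            findings.append(f"{name}={value}: host resource exposed to job")
    return findings


def audit_workflow(workflow: dict) -> dict[str, list[str]]:
    """Audit every job's container.options; returns {job_id: findings} for flagged jobs only."""
    report = {}
    for job_id, job in (workflow.get("jobs") or {}).items():
        container = job.get("container")
        if isinstance(container, dict):
            findings = audit_container_options(container.get("options", ""))
            if findings:
                report[job_id] = findings
    return report


# Constructed sample mirroring the PoC's workflow shape (not the real PoC file).
SAMPLE_WORKFLOW = {"jobs": {
    "escape": {"container": {"image": "alpine", "options": "--pid=host --cap-add=ALL"}},
    "safe": {"container": {"image": "alpine", "options": "--memory 512m"}},
}}
```

A runner-side hook would reject the job (or strip the flagged tokens) whenever `audit_workflow` returns a non-empty report.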