)]}'
{
  "commit": "ff7452b586134e18af9f1362d7b96dcb64aa8d71",
  "tree": "7e3b9fe5c161cedf1073a086d0b6e5511b20bd98",
  "parents": [
    "231ee041b652ab2aea6a64e0c4929fa4beb5851b"
  ],
  "author": {
    "name": "Jan Schär",
    "email": "jan@monogon.tech",
    "time": "Thu Nov 28 13:08:55 2024 +0100"
  },
  "committer": {
    "name": "Jan Schär",
    "email": "jan@monogon.tech",
    "time": "Thu Nov 28 14:45:57 2024 +0000"
  },
  "message": "m/node/kubernetes: mount PVs with noexec on the host\n\nNow that runc always replaces per-mount-point flags when bind-mounting\nvolumes inside the container, we can mount them with noexec on the host\nwithout affecting workloads. This has some security advantages, as any\nexecutables in volumes are no longer executable from the host.\n\nChange-Id: Id5a8ea8caf702fca58d300fc9e17c21e94ebaf13\nReviewed-on: https://review.monogon.dev/c/monogon/+/3660\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f7ff00a301c9a8dbf0afd8d90c458234c7874ce1",
      "old_mode": 33188,
      "old_path": "metropolis/node/kubernetes/csi.go",
      "new_id": "c4e793d2b625e796c5124898bf905e112202711f",
      "new_mode": 33188,
      "new_path": "metropolis/node/kubernetes/csi.go"
    }
  ]
}