[cloud] Provide ability to disable executing modified pxl scripts by ddelnano · Pull Request #2062 · pixie-io/pixie
Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
…cation Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
…ing and renamed to match other SCRIPT_ prefixed settings Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
…tend and proxy service Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
ddelnano added a commit to ddelnano/pixie that referenced this pull request
Aug 6, 2025
…xie-io#2062) Summary: [cloud] Provide ability to disable executing modified pxl scripts Certain security conscious users are hesitant to use Pixie because without RBAC anyone with Pixie UI access can write arbitrary BPF code (bpftrace integration), access or export arbitrary data (modifying pxl scripts, writing export scripts). This change aims to address this concern with a global setting to prevent the ability to execute modified scripts. When an adhoc script is executed, the cloud will hash the contents of the script and check it against the scripts known to the scriptmgr service. If it is contained in the scriptmgr service, the script will be allowed to execute. Note: this does not prevent users from writing new export scripts. Since the query broker can source its scripts from a configmap as of pixie-io#1326, this is deemed as an appropriate mitigation for cluster admins and I'll follow up with UI support to reflect that a vizier is in "configmap mode". Relevant Issues: N/A Type of change: /kind feature Test Plan: The following checks were performed - [x] New tests verify the scriptmgr and api service changes work - [x] Skaffold'ed to a testing cluster and verified script modification is blocked and unmodified scripts are allowed to run. In addition to this, the code editor in the UI is made read only and shows an explanation <details><summary>Screenshots</summary>    </details> Changelog Message: Pixie Cloud can now disable executing modified pxl scripts via the `PL_SCRIPT_MODIFICATION_DISABLED` key in the `pl-script-bundle-config` ConfigMap. See reference manifests for more details. --------- Signed-off-by: Dom Del Nano <ddelnano@gmail.com> GitOrigin-RevId: d12b805
ddelnano added a commit to k8sstormcenter/pixie that referenced this pull request
Feb 25, 2026
…xie-io#2062) Summary: [cloud] Provide ability to disable executing modified pxl scripts Certain security conscious users are hesitant to use Pixie because without RBAC anyone with Pixie UI access can write arbitrary BPF code (bpftrace integration), access or export arbitrary data (modifying pxl scripts, writing export scripts). This change aims to address this concern with a global setting to prevent the ability to execute modified scripts. When an adhoc script is executed, the cloud will hash the contents of the script and check it against the scripts known to the scriptmgr service. If it is contained in the scriptmgr service, the script will be allowed to execute. Note: this does not prevent users from writing new export scripts. Since the query broker can source its scripts from a configmap as of pixie-io#1326, this is deemed as an appropriate mitigation for cluster admins and I'll follow up with UI support to reflect that a vizier is in "configmap mode". Relevant Issues: N/A Type of change: /kind feature Test Plan: The following checks were performed - [x] New tests verify the scriptmgr and api service changes work - [x] Skaffold'ed to a testing cluster and verified script modification is blocked and unmodified scripts are allowed to run. In addition to this, the code editor in the UI is made read only and shows an explanation <details><summary>Screenshots</summary>    </details> Changelog Message: Pixie Cloud can now disable executing modified pxl scripts via the `PL_SCRIPT_MODIFICATION_DISABLED` key in the `pl-script-bundle-config` ConfigMap. See reference manifests for more details. --------- Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
ddelnano added a commit to k8sstormcenter/pixie that referenced this pull request
Feb 25, 2026
…xie-io#2062) Summary: [cloud] Provide ability to disable executing modified pxl scripts Certain security conscious users are hesitant to use Pixie because without RBAC anyone with Pixie UI access can write arbitrary BPF code (bpftrace integration), access or export arbitrary data (modifying pxl scripts, writing export scripts). This change aims to address this concern with a global setting to prevent the ability to execute modified scripts. When an adhoc script is executed, the cloud will hash the contents of the script and check it against the scripts known to the scriptmgr service. If it is contained in the scriptmgr service, the script will be allowed to execute. Note: this does not prevent users from writing new export scripts. Since the query broker can source its scripts from a configmap as of pixie-io#1326, this is deemed as an appropriate mitigation for cluster admins and I'll follow up with UI support to reflect that a vizier is in "configmap mode". Relevant Issues: N/A Type of change: /kind feature Test Plan: The following checks were performed - [x] New tests verify the scriptmgr and api service changes work - [x] Skaffold'ed to a testing cluster and verified script modification is blocked and unmodified scripts are allowed to run. In addition to this, the code editor in the UI is made read only and shows an explanation <details><summary>Screenshots</summary>    </details> Changelog Message: Pixie Cloud can now disable executing modified pxl scripts via the `PL_SCRIPT_MODIFICATION_DISABLED` key in the `pl-script-bundle-config` ConfigMap. See reference manifests for more details. --------- Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters