From 2671e5f321f0b069cd60f78d3e5ecb6b36c98a83 Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Mon, 7 Jun 2021 13:18:46 -0700 Subject: [PATCH] disable docker socket support until we have security in place Signed-off-by: Andrea Luzzardi --- environment/pipeline.go | 5 ----- stdlib/dagger/op/op.cue | 2 +- tests/compute.bats | 1 + 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/environment/pipeline.go b/environment/pipeline.go index d00793aa..08c4f74b 100644 --- a/environment/pipeline.go +++ b/environment/pipeline.go @@ -468,11 +468,6 @@ func (p *Pipeline) mount(ctx context.Context, dest string, mnt *compiler.Value) llb.Scratch(), llb.Tmpfs(), ), nil - case "docker.sock": - return llb.AddSSHSocket( - llb.SSHID(solver.DockerSocketID), - llb.SSHSocketTarget(dest), - ), nil default: return nil, fmt.Errorf("invalid mount source: %q", s) } diff --git a/stdlib/dagger/op/op.cue b/stdlib/dagger/op/op.cue index 1eed447f..aeb94423 100644 --- a/stdlib/dagger/op/op.cue +++ b/stdlib/dagger/op/op.cue @@ -52,7 +52,7 @@ package op // `true` means also ignoring the mount cache volumes always?: true | *false dir: string | *"/" - mount: [string]: "tmpfs" | "cache" | "docker.sock" | {from: _, path: string | *"/"} | {secret: _} + mount: [string]: "tmpfs" | "cache" | {from: _, path: string | *"/"} | {secret: _} // Map of hostnames to ip hosts?: [string]: string // User to exec with (if left empty, will default to the set user in the image) diff --git a/tests/compute.bats b/tests/compute.bats index 17e45ad7..e5e70826 100644 --- a/tests/compute.bats +++ b/tests/compute.bats @@ -107,6 +107,7 @@ setup() { } @test "compute: docker socket" { + skip "docker socket support disabled" run "$DAGGER" compute "$TESTDIR"/compute/dockersocket }