kjuulh/dagger
Archived
1
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

disable docker socket support until we have security in place

Browse Source 
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This commit is contained in:
Andrea Luzzardi 2021-06-07 13:18:46 -07:00
parent ac34df319a
commit 2671e5f321
3 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
environment/pipeline.go
View File

@ -468,11 +468,6 @@ func (p *Pipeline) mount(ctx context.Context, dest string, mnt *compiler.Value)
llb.Scratch(), llb.Scratch(),
llb.Tmpfs(), llb.Tmpfs(),
), nil ), nil
case "docker.sock":
return llb.AddSSHSocket(
llb.SSHID(solver.DockerSocketID),
llb.SSHSocketTarget(dest),
), nil
default: default:
return nil, fmt.Errorf("invalid mount source: %q", s) return nil, fmt.Errorf("invalid mount source: %q", s)
} }

2
stdlib/dagger/op/op.cue
View File

@ -52,7 +52,7 @@ package op
// `true` means also ignoring the mount cache volumes // `true` means also ignoring the mount cache volumes
always?: true | *false always?: true | *false
dir: string | *"/" dir: string | *"/"
mount: [string]: "tmpfs" | "cache" | "docker.sock" | {from: _, path: string | *"/"} | {secret: _} mount: [string]: "tmpfs" | "cache" | {from: _, path: string | *"/"} | {secret: _}
// Map of hostnames to ip // Map of hostnames to ip
hosts?: [string]: string hosts?: [string]: string
// User to exec with (if left empty, will default to the set user in the image) // User to exec with (if left empty, will default to the set user in the image)

1
tests/compute.bats
View File

@ -107,6 +107,7 @@ setup() {
} }
@test "compute: docker socket" { @test "compute: docker socket" {
skip "docker socket support disabled"
run "$DAGGER" compute "$TESTDIR"/compute/dockersocket run "$DAGGER" compute "$TESTDIR"/compute/dockersocket
} }