Giters

bazelbuild / rules_docker

Rules for building and handling Docker images with Bazel

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Allow unprivileged containers on run_download.sh and run_install.sh

KennethGomez opened this issue · comments

commented

Allow configuration to remove the privileged flag

Description

This feature request comes from the necessity of running Docker on continuous integration and deployment environments. Most of the times, the privileged flag is not allowed to be run on this environments due to security issues within their infrastructure. I don't know the direct implications with removing this flag, I've tried to run the .sh files generated without that flag and turns out no exception gets thrown.

These flags are on these .sh templates:

rules_docker/docker/package_managers/run_download.sh.tpl

Lines 30 to 33 in c823a69

# Run the builder image.
cid=$("$DOCKER" $DOCKER_FLAGS run -w="/" -d --privileged $image_id sh -c $'%{download_commands}')
"$DOCKER" $DOCKER_FLAGS attach $cid
"$DOCKER" $DOCKER_FLAGS cp $cid:%{installables}_packages.tar %{output}

rules_docker/docker/package_managers/run_install.sh.tpl

Lines 53 to 56 in c823a69

cid=$("$DOCKER" $DOCKER_FLAGS run -d -v $vid:/tmp/pkginstall --privileged $image_id /tmp/pkginstall/installer.sh)
"$DOCKER" $DOCKER_FLAGS attach $cid || true

Describe the solution you'd like

I'd like to have some configuration for these rules to disable the privileged mode for docker run command

commented

I can write a PR for this if wanted and needed!

commented

This issue has been automatically marked as stale because it has not had any activity for 180 days. It will be closed if no further activity occurs in 30 days.
Collaborators can add an assignee to keep this open indefinitely. Thanks for your contributions to rules_docker!