OneDev
Dashboards
Projects
Global Views
Code Search
server
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
Audit Log
OneDev 14.0.8
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-2685
How to run docker container as privileged mode? (OD-2685)
Zhou You opened 1 day ago

Could we enable privileged mode only for the tasks that actually need it? I checked the code and it looks like you can only configure it in the Run Options when creating a new Server Docker Executor, which affects every task; if it’s not needed you have to remove it manually. Could you add an “Enable Privileged Mode” option in Run Docker Container?

  • Davide Beatrici commented 1 day ago

    In my case I created a dedicated executor that is only allowed to run on trusted projects (i.e. that only trusted people can write to). You can select it in the buildspec.

    An option to enable privileged mode directly in the buildspec would be very dangerous on public OneDev instances or whenever you have at least one untrusted user.

  • Robin Shen commented 1 day ago

    Yes that is correct. Privileged mode should be configured in docker executor and only open to trusted projects to avoid security issues.

  • Robin Shen changed state to 'Closed' 1 day ago
    Previous Value Current Value 
    Open
    		 
    Closed
issue 1/1
Type
Question
Priority
Normal
Assignee
Robin Shen
Labels
No labels
Issue Votes (0)
Login to vote
Watchers (4)
Reference
OD-2685
Please wait...
Connection lost or session expired, reload to recover
Page is in error, reload to recover