[Nix-commits] [NixOS/nixpkgs] 6c59d8: docker: fix socket permissions

Graham Christensen Mon, 03 Apr 2017 06:14:06 -0700

  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 6c59d851e2967410cc8fb6ba3f374b1d3efa988e
      
https://github.com/NixOS/nixpkgs/commit/6c59d851e2967410cc8fb6ba3f374b1d3efa988e
  Author: Alexey Shmalko <rasen.d...@gmail.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)


  Changed paths:
    M nixos/modules/virtualisation/docker.nix

  Log Message:
  -----------
  docker: fix socket permissions

Docker socket is world writable. This means any user on the system is
able to invoke docker command. (Which is equal to having a root access
to the machine.)

This commit makes socket group-writable and owned by docker group.

Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket

(cherry picked from commit fa4fe7110566d8370983fa81f2b04a833339236d)


  Commit: 6018464c49dc60b1779f10a714974dcb4eb21c30
      
https://github.com/NixOS/nixpkgs/commit/6018464c49dc60b1779f10a714974dcb4eb21c30
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)

  Changed paths:
    M nixos/tests/docker.nix

  Log Message:
  -----------
  docker: test for socket permissions

(cherry picked from commit c7453084ef71e286699b7414894178e5559f5563)


Compare: https://github.com/NixOS/nixpkgs/compare/6024dd4067c4...6018464c49dc

_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/nixpkgs] 6c59d8: docker: fix socket permissions

Reply via email to