-
Notifications
You must be signed in to change notification settings - Fork 766
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How we can restrict few Buildah commands from CLI Terminal. #3270
Comments
We have no way of blocking this now. But not buildah from and buildah run? |
Thank you for response, Yes we have to block buildah from and buildah run commands. So that instead of running containers from cli, they will run from ui only. Since we have a UI page from there user only can run container image. |
Great, so I can close this issue. We can continue conversation here if you want. |
I've moved the discussion to #3276, it's an interesting topic/thought. |
Thank you @TomSweeneyRedHat @rhatdan ! FYI.. I followed below tutorial for creating rootless openshitft container. We want build user to block/disable buildah from command. If build user try to do so, there should be message on cli that "This command is not allowed " or we can customize it accordingly. https://github.com/containers/buildah/blob/master/docs/tutorials/05-openshift-rootless-bud.md |
Hi Team,
This is not issue/bug. I just need your support, I have a requirement where User can only build container image and also run others buildah command on terminal but _User can not run/create container using _ buildah from command. I have to kind of block or disable this command. Exception this command User can run all buildah commands.
As per our project requirement, we are proving a user interface to user he can only run that container image from there only. We have written all backend logic, image will be pulled from OpenShift's internal registry, that container image User has build from terminal and will be pushed to Openshift internal registry.
Any help/guidance will be appreciated.
Thank you in advance..!!!
The text was updated successfully, but these errors were encountered: