enforce the security switch "disable the use of bind mounts" when set via API #4106
|
stack with the following file failed creation because of I guess this is only for containers |
|
Anyway, I'm testing everything to be sure. You can see my tests at #4110 (comment) |
|
@chiptus should also be enforced for Swarm services. |
|
Re-opening this issue to be backported into 1.24.2 |
|
Closed via #4467 |
Right now we allow the Portainer administrator to "disable the use of bind mounts by non-admins", which is purely a front-end restriction, and is more of a "hide the capability". This feature stops users from selecting to use bind mounts in the container / service creation views, and stops the use of bind mounts when writing stacks. However, if a skilled user were to craft an API request to Portainer that included bind mounts, it would succeed as there is no backend enforcement.
To ensure security, we should enforce this restriction via the backend so that it cannot be used through the Portainer API.
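
A sketch of the server-side check the issue asks for, covering both the container and the Swarm service create payloads mentioned in the thread. This is an added example, not Portainer's own code: the function name `checkBindMounts`, its parameters and the sample request body are assumptions, and host paths are assumed to be Linux-style.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Fields of the Docker Engine API create payloads that can carry a bind mount.
type mount struct{ Type, Source string }
type createRequest struct {
	HostConfig struct { // container create
		Binds  []string
		Mounts []mount
	}
	TaskTemplate struct { // Swarm service create
		ContainerSpec struct{ Mounts []mount }
	}
}

// Named-volume syntax; any other source in Binds is treated as a host path.
var volumeName = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`)
// checkBindMounts (hypothetical) rejects bind mounts for restricted non-admins.
func checkBindMounts(body []byte, isAdmin, allowBindMounts bool) error {
	if isAdmin || allowBindMounts {
		return nil
	}
	var req createRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return fmt.Errorf("invalid request body: %w", err) // fail closed
	}
	for _, b := range req.HostConfig.Binds {
		if src := strings.SplitN(b, ":", 2)[0]; !volumeName.MatchString(src) {
			return fmt.Errorf("bind mount %q is not allowed", b)
		}
	}
	mounts := append(req.HostConfig.Mounts, req.TaskTemplate.ContainerSpec.Mounts...)
	for _, m := range mounts {
		if m.Type == "bind" {
			return fmt.Errorf("bind mount of %q is not allowed", m.Source)
		}
	}
	return nil
}

func main() { // constructed body, as a non-admin could send straight to the API
	fmt.Println(checkBindMounts([]byte(`{"HostConfig":{"Binds":["/etc:/host-etc:ro"]}}`), false, false))
}
```

Running the check in the API handler, before the request is forwarded to the Docker endpoint, is what makes the setting hold regardless of which client sent the request.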