[Nix-commits] [NixOS/nixpkgs] fa4fe7: docker: fix socket permissions

Graham Christensen Mon, 03 Apr 2017 06:07:07 -0700

  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: fa4fe7110566d8370983fa81f2b04a833339236d
      
https://github.com/NixOS/nixpkgs/commit/fa4fe7110566d8370983fa81f2b04a833339236d
  Author: Alexey Shmalko <rasen.d...@gmail.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)


  Changed paths:
    M nixos/modules/virtualisation/docker.nix

  Log Message:
  -----------
  docker: fix socket permissions

Docker socket is world writable. This means any user on the system is
able to invoke docker command. (Which is equal to having a root access
to the machine.)

This commit makes socket group-writable and owned by docker group.

Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket


  Commit: c7453084ef71e286699b7414894178e5559f5563
      
https://github.com/NixOS/nixpkgs/commit/c7453084ef71e286699b7414894178e5559f5563
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)

  Changed paths:
    M nixos/tests/docker.nix

  Log Message:
  -----------
  docker: test for socket permissions


Compare: https://github.com/NixOS/nixpkgs/compare/a29d0df28c30...c7453084ef71

_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/nixpkgs] fa4fe7: docker: fix socket permissions

Reply via email to