From 0151ea9a3fc9ef92edd0b46c5fead6687c3c318f Mon Sep 17 00:00:00 2001
From: nathan wagner
Date: Thu, 7 Sep 2023 19:46:23 +0000
Subject: [PATCH] maskedPath
---
 driver/docker-container/driver.go | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/driver/docker-container/driver.go b/driver/docker-container/driver.go
index c887432d..7cfd6336 100644
--- a/driver/docker-container/driver.go
+++ b/driver/docker-container/driver.go
@@ -3,7 +3,6 @@ package docker
 import (
 "bytes"
 "context"
- "fmt"
 "io"
 "net"
 "os"
@@ -140,26 +139,21 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 return err
 }
 for _, f := range secOpts {
- fmt.Println("range of opts ", f)
 if f.Name == "userns" {
 hc.UsernsMode = "host"
 break
 }
 }
- //hc.SecurityOpt=["seccomp:unconfined" "apparmor:unconfined" "systempaths:unconfined"]
 hc.SecurityOpt = append(hc.SecurityOpt, "seccomp=unconfined")
 hc.SecurityOpt = append(hc.SecurityOpt, "apparmor=unconfined")
- //hc.SecurityOpt = append(hc.SecurityOpt, "systempaths=unconfined")
 hc.Privileged = false
+ //hc.SecurityOpt = append(hc.SecurityOpt, "systempaths=unconfined")
+ hc.MaskedPaths = []string{}
+ hc.ReadonlyPaths = []string{}
+ //cfg.Env= append(cfg.Env,"systempaths=unconfined")
 }
- fmt.Println("cfg: ", cfg)
- fmt.Println("hc privileged:", hc.Privileged)
- fmt.Println("hc: ", hc.SecurityOpt)
- fmt.Println("hc: ", hc.SecurityOpt)
- fmt.Println(hc.SecurityOpt)
 _, err := d.DockerAPI.ContainerCreate(ctx, cfg, hc, &network.NetworkingConfig{}, nil, d.Name)
 if err != nil && !errdefs.IsConflict(err) {
- l.Wrap("fucking dumb", func() error { fmt.Println(err.Error()); return nil })
 return err
 }
 if err == nil {
@@ -283,7 +277,6 @@ func (d *Driver) run(ctx context.Context, cmd []string, stdout, stderr io.Writer
 if resp.ExitCode != 0 {
 return errors.Errorf("exit code %d", resp.ExitCode)
 }
- fmt.Println("did I get in here")
 return nil
 }
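Review bot: In the `create` hunk, `hc.MaskedPaths = []string{}` and `hc.ReadonlyPaths = []string{}` replace the daemon's default masked and read-only system paths with empty lists. In the same branch seccomp and AppArmor are already set to unconfined, so `hc.Privileged = false` is left carrying most of the remaining confinement. Nothing in the hunk says why the builder container needs the unmasked paths; the condition that guards this block starts outside the hunk, so it should be confirmed that this only runs where it is intended rather than for every container the driver creates. At minimum I would document the intent above the two assignments, for example `// Empty (non-nil) slices override the daemon's default masked/read-only paths; nil would keep the defaults.`, and state which build step requires it. The two commented-out lines added next to them (`//hc.SecurityOpt = append(... "systempaths=unconfined")` and `//cfg.Env= append(...)`) are dead experiments and should be dropped rather than committed.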