add feature toggle to disable docker plugin volume check

Brad Rydzewski
2020-12-18 11:54:36 -05:00
parent 00b690ce8c
commit 4f8d2e4eee


@@ -6,6 +6,7 @@ package compiler
import ( import (
"context" "context"
"os"
"strings" "strings"
"github.com/drone-runners/drone-runner-docker/engine" "github.com/drone-runners/drone-runner-docker/engine"
@@ -511,6 +512,11 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti
return spec return spec
} }
// feature toggle that disables the check that restricts
// docker plugins from mounting volumes.
// DO NOT USE: THIS WILL BE DEPRECATED IN THE FUTURE
var allowDockerPluginVolumes = os.Getenv("DRONE_FLAG_ALLOW_DOCKER_PLUGIN_VOLUMES") == "true"
func (c *Compiler) isPrivileged(step *resource.Step) bool { func (c *Compiler) isPrivileged(step *resource.Step) bool {
// privileged-by-default containers are only // privileged-by-default containers are only
// enabled for plugins steps that do not define // enabled for plugins steps that do not define
@@ -524,9 +530,13 @@ func (c *Compiler) isPrivileged(step *resource.Step) bool {
if len(step.Entrypoint) > 0 { if len(step.Entrypoint) > 0 {
return false return false
} }
if len(step.Volumes) > 0 {
return false if allowDockerPluginVolumes == false {
if len(step.Volumes) > 0 {
return false
}
} }
// privileged-by-default mode is disabled if the // privileged-by-default mode is disabled if the
// pipeline step mounts a volume restricted for // pipeline step mounts a volume restricted for
// internal use only. // internal use only.
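Review bot: With `DRONE_FLAG_ALLOW_DOCKER_PLUGIN_VOLUMES=true` the `len(step.Volumes) > 0` guard in `isPrivileged` is skipped for every pipeline this runner compiles, so a plugin step that declares volumes is no longer excluded from privileged-by-default mode by this check; the comment on `allowDockerPluginVolumes` should state that consequence, for example `// SECURITY: when true, privileged-by-default plugin steps may also mount volumes; enable only on runners that build trusted repositories.` The value is read once at package initialisation and nothing in the visible lines records that it is on, so a warning logged at startup would make the weakened posture auditable. The nested test reads more directly as `if !allowDockerPluginVolumes && len(step.Volumes) > 0 {`. The rest of `isPrivileged`, including the restricted-volume check that the trailing comment introduces, lies outside the hunk, so confirm that later check still applies when the flag is enabled.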