open-nomad

History

Tim Gross 0ef0b17b82 docker: disallow volume mounts from host by default (#9321 ) The default behavior for `docker.volumes.enabled` is intended to be `false`, but the HCL schema defaults to `true` if the value is unset. Set the default literal value to `true`. Additionally, Docker driver mounts of type "volume" (but not "bind") are not being properly sandboxed with that setting. Disable Docker mounts with type "volume" entirely whenever the `docker.volumes.enabled` flag is set to false. Note this is unrelated to the `volume_mount` feature, which is constrained to preconfigured host volumes or whatever is mounted by a CSI plugin. This changeset includes updates to unit tests that should have been failing under the documented behavior but were not.	2020-11-11 10:03:46 -05:00
..
index.mdx	[docs] Update redirects and links for learn.hashicorp.com (#8598 )	2020-09-29 12:48:32 -04:00
upgrade-specific.mdx	docker: disallow volume mounts from host by default (#9321 )	2020-11-11 10:03:46 -05:00

docker: disallow volume mounts from host by default (#9321 )

The default behavior for `docker.volumes.enabled` is intended to be `false`,
but the HCL schema defaults to `true` if the value is unset. Set the default
literal value to `true`.

Additionally, Docker driver mounts of type "volume" (but not "bind") are not
being properly sandboxed with that setting. Disable Docker mounts with type
"volume" entirely whenever the `docker.volumes.enabled` flag is set to
false. Note this is unrelated to the `volume_mount` feature, which is
constrained to preconfigured host volumes or whatever is mounted by a CSI
plugin.

This changeset includes updates to unit tests that should have been failing
under the documented behavior but were not.

2020-11-11 10:03:46 -05:00

index.mdx

[docs] Update redirects and links for learn.hashicorp.com (#8598 )

2020-09-29 12:48:32 -04:00

upgrade-specific.mdx

docker: disallow volume mounts from host by default (#9321 )

2020-11-11 10:03:46 -05:00