Allow plugins to communicate with docker without disabling the sandbox #5489
Assignees
Labels
Comments
|
cc @fabianfett |
|
This makes sense, and I think there might be an interesting distinction to be drawn (if we can) between localhost and other hosts. Possibly also domain sockets vs IP sockets, if that is a distinction we can make in the sandbox. |
neonichu
added a commit
that referenced
this issue
Feb 3, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
neonichu
added a commit
that referenced
this issue
Feb 3, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
neonichu
added a commit
that referenced
this issue
Feb 3, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
neonichu
added a commit
that referenced
this issue
Feb 4, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
neonichu
added a commit
that referenced
this issue
Feb 4, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
neonichu
added a commit
that referenced
this issue
Feb 6, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
neonichu
added a commit
that referenced
this issue
Feb 8, 2023
This adds a new plugin permission that allows a command plugin to ask for networking permissions. The permission can distinguish between local and outgoing connections, as well as specifying a list or range of ports to allow. Similar to existing permissions, there's also a CLI option for allowing connections. resolves #5489
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Linux oriented packaging and deployment plugins often need to work with Docker, especially since Swift does not support cross compilation mac -> Linux. As an example see swift-server/swift-aws-lambda-runtime#254
In order to communicate with Docker, plugins need to perform network communication with the docker daemon which is blocked by SwiftPM plugin sandbox. As such, plugins of this kind cannot be used unless the sandbox is disabled which defeats the purpose of having a sandbox.
One possible solution is to model certain types of network communication an grants / privileges that the plugin can express as requiring, and then have SwiftPM prompt the user for explicit approval. this is similar to how plugins deal with file system write access
The text was updated successfully, but these errors were encountered: