Open rwos opened 4 years ago
This came in with Docker API v1.25 (see https://docs.docker.com/engine/api/version-history/):
v1.25
https://docs.docker.com/engine/api/v1.25/#operation/ContainerCreate
This can also create host bind-mounts, which are then not checked against the --allow-bind whitelist because sockguard only looks in HostConfig.Binds.
--allow-bind
HostConfig.Binds
This came in with Docker API
v1.25
(see https://docs.docker.com/engine/api/version-history/):https://docs.docker.com/engine/api/v1.25/#operation/ContainerCreate
This can also create host bind-mounts, which are then not checked against the
--allow-bind
whitelist because sockguard only looks inHostConfig.Binds
.