Closed benkeil closed 1 month ago
hi @benkeil the plugin requires elevated permissions to communicate with docker over the local network so should be run with --disable-sandbox. SwiftPM will eventually get nicer constructs for this kind of a grant that will allow running it in a more streamlined way
p.s.
we are behind on documenting how to use the plugin, sorry about that
Why does it need this? It is doing nothing special and it sounds like a security issue to do that.
The packaging plugin used docker on macOS. SwiftPM sandbox does not permit network communication, and docker is a daemon that exposes its APIs over the local network. As such the sandbox does not allow the plugin to use / communicate with docker. SwiftPM will eventually get a more fine-grained permission model that would allow plugins to specify a network access grant, but right now it's a fairly binary option.
made this PR to document the 1.x API. once merged we can tag a 1.0.0-alpha.1
Documentation is now up-to-date https://github.com/swift-server/swift-aws-lambda-runtime/blob/main/readme.md?plain=1#L267
Closing this
Expected behavior
should build the lambdas
Actual behavior
SwiftAWSLambdaRuntime version/commit hash
main
Swift & OS version (output of swift --version && uname -a)