mirror of
https://github.com/stellarshenson/stellars-jupyterhub-ds.git
synced 2026-03-08 06:00:29 +00:00
Corrected security warnings to accurately describe docker.sock access:
- Changed 'host system' to 'Docker host' (docker.sock grants access to Docker daemon, not physical host system)
- Applied warning alert style (alert-block alert-warning) to security notes in README.md for better visibility

Updated in:
- README.md: Two security warnings (Requirements section, Privileged Access)
- doc/docker-socket-permissions.md: Security note
- .claude/CLAUDE.md: Security warning

Security warnings now use HTML alert boxes for emphasis and accurate terminology.
725 B
Docker Socket Access Control
Group-based docker.sock access for user containers. Controlled via docker-privileged built-in group.
Implementation (config/jupyterhub_config.py):
    async def pre_spawn_hook(spawner):
        # Mount the Docker socket only for members of the docker-privileged group
        if any(group.name == 'docker-privileged' for group in spawner.user.groups):
            spawner.volumes['/var/run/docker.sock'] = '/var/run/docker.sock'
Built-in Group:
- BUILTIN_GROUPS = ['docker-privileged'] in config
- Auto-recreates if deleted (startup script + pre-spawn hook)
- Managed via admin panel at /hub/admin -> Groups
- User must restart server after membership change
Security: Docker socket = root-equivalent Docker host access. Only grant to trusted users.
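Because the mount is decided only at spawn time, a user removed from docker-privileged keeps the socket until their server restarts. The audit below is an added example, not code from this project: it compares `docker inspect` output against current group membership to find that drift. The function names, the `jupyter-<username>` container naming and the sample data are assumptions constructed for illustration.

```python
import json

DOCKER_SOCK = "/var/run/docker.sock"

# Constructed sample: trimmed `docker inspect` output for three user containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/jupyter-alice",
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]},
  {"Name": "/jupyter-bob",
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/bob/_data",
               "Destination": "/home/lab"}]},
  {"Name": "/jupyter-carol",
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]}
]
""")

# Constructed sample: current docker-privileged members (from /hub/admin -> Groups).
SAMPLE_MEMBERS = {"alice", "bob"}


def has_docker_sock(container):
    """True if the container has the host's docker.sock mounted."""
    return any(m.get("Source") == DOCKER_SOCK for m in container.get("Mounts", []))


def audit(containers, members, prefix="jupyter-"):
    """Compare actual socket mounts against current group membership."""
    stale, pending = [], []
    for c in containers:
        name = c["Name"].lstrip("/")
        if not name.startswith(prefix):
            continue  # not a user container (assumed naming convention)
        user = name[len(prefix):]
        mounted = has_docker_sock(c)
        if mounted and user not in members:
            stale.append(user)    # removed from group, server not yet restarted
        elif not mounted and user in members:
            pending.append(user)  # added to group, server not yet restarted
    return {"stale": sorted(stale), "pending": sorted(pending)}


if __name__ == "__main__":
    print(audit(SAMPLE_INSPECT, SAMPLE_MEMBERS))
```

Users reported as stale still hold root-equivalent Docker host access and need their servers stopped for the group change to take effect.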