stellars-jupyterhub-ds/doc/docker-socket-permissions.md
stellarshenson 2674703317 feat: split docker access into docker-sock and docker-privileged groups
- docker-sock: mounts /var/run/docker.sock (container orchestration)
- docker-privileged: runs with --privileged flag (hardware access)

Updated pre_spawn_hook to check both groups and set spawner.volumes
or spawner.privileged accordingly. Documentation updated.
2025-12-12 15:54:47 +01:00


# Docker Access Control

Group-based Docker access for user containers via two built-in groups.

| Group | Effect |
|---|---|
| docker-sock | Mounts /var/run/docker.sock |
| docker-privileged | Runs container with --privileged flag |

Implementation (config/jupyterhub_config.py):

```python
BUILTIN_GROUPS = ['docker-sock', 'docker-privileged']

async def pre_spawn_hook(spawner):
    # Names of the groups the spawning user belongs to
    user_groups = {group.name for group in spawner.user.groups}
    if 'docker-sock' in user_groups:
        # bind-mount the host Docker socket into the user's container
        spawner.volumes['/var/run/docker.sock'] = '/var/run/docker.sock'
    if 'docker-privileged' in user_groups:
        # start the container with --privileged
        spawner.privileged = True
```
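The same group-to-setting mapping in a form that can be exercised outside a running Hub, as an added example rather than the project's own code. It uses stand-in spawner and user objects; the attribute names `spawner.user.groups`, `spawner.volumes` and `spawner.privileged` are assumed from the JupyterHub and DockerSpawner APIs. It goes one step beyond the snippet above by resetting both settings before checking membership (a design choice, not something the page states the project does), so that a revoked membership takes effect on the next server restart even if the Spawner instance outlives one run of the server, and it logs every grant because both are host-level privileges.

```python
"""Deny-by-default version of the docker group mapping, testable without a Hub.

Added example, not the project's code. FakeSpawner stands in for the
DockerSpawner (and its .user) the real hook receives; the attribute names
spawner.user.groups, spawner.volumes and spawner.privileged are assumed
from the JupyterHub / DockerSpawner API.
"""
import logging
from types import SimpleNamespace

log = logging.getLogger('docker-access')

DOCKER_SOCK = '/var/run/docker.sock'

# Group name -> the grant it implies (the table in this document)
DOCKER_ACCESS_GROUPS = {
    'docker-sock': 'socket',            # bind-mount the host Docker socket
    'docker-privileged': 'privileged',  # run the container with --privileged
}


class FakeSpawner:
    """Stand-in for DockerSpawner: only the attributes the hook touches."""

    def __init__(self, username, group_names=()):
        groups = [SimpleNamespace(name=g) for g in group_names]
        self.user = SimpleNamespace(name=username, groups=groups)
        self.volumes = {}
        self.privileged = False


def resolve_docker_access(group_names):
    """Map a user's group names to the set of docker grants they imply."""
    return {DOCKER_ACCESS_GROUPS[g] for g in group_names if g in DOCKER_ACCESS_GROUPS}


def apply_docker_access(spawner):
    """Reset both settings, then grant only what the current groups allow.

    Resetting first makes the hook idempotent: a hook that only ever *adds*
    the socket mount or the privileged flag would keep them on a Spawner
    instance that is reused after the user has been removed from the group.
    """
    spawner.volumes.pop(DOCKER_SOCK, None)
    spawner.privileged = False

    grants = resolve_docker_access(g.name for g in spawner.user.groups)
    if 'socket' in grants:
        spawner.volumes[DOCKER_SOCK] = DOCKER_SOCK
    if 'privileged' in grants:
        spawner.privileged = True

    # Both grants are host-level privileges: leave an audit trail of who got what.
    if grants:
        log.warning('docker access granted to %s: %s', spawner.user.name, sorted(grants))
    return grants


async def pre_spawn_hook(spawner):
    """Same signature as the documented hook; usable as c.Spawner.pre_spawn_hook."""
    apply_docker_access(spawner)


if __name__ == '__main__':
    logging.basicConfig(level=logging.WARNING)
    s = FakeSpawner('alice', ['docker-sock'])          # constructed sample user
    print(apply_docker_access(s), s.volumes, s.privileged)
    s.user.groups = []                                 # membership revoked, server restarted
    print(apply_docker_access(s), s.volumes, s.privileged)
```

Users with neither group end up with an empty `volumes` mapping and `privileged = False`, and a user dropped from `docker-sock` loses the socket mount on the next spawn instead of keeping it.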

Management: membership is managed from the admin panel (/hub/admin -> Groups). A user's server must be restarted before a membership change takes effect.

Security: both groups grant significant privileges. Access to the Docker socket lets a user start arbitrary containers on the host, including ones that mount host paths, and --privileged removes the container's isolation from the host's devices and capabilities. Only grant them to trusted users.