stellars-jupyterhub-ds/doc/docker-socket-permissions.md
stellarshenson 522403f89d docs: further simplify docker-socket-permissions.md
Reduced from 66 to 19 lines focusing on essentials:
- Simplified pre-spawn hook code
- Built-in group mechanism
- Admin panel management
- Security warning

Removed verbose explanations, use cases, auditing commands.
2025-11-09 23:02:20 +01:00


Docker Socket Access Control

Group-based docker.sock access for user containers. Controlled via docker-privileged built-in group.

Implementation (config/jupyterhub_config.py):

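async def pre_spawn_hook(spawner):
    # Runs before each spawn: mount the host Docker socket only for members
    # of the 'docker-privileged' group.
    if any(group.name == 'docker-privileged' for group in spawner.user.groups):
        # volumes maps host path -> container path
        spawner.volumes['/var/run/docker.sock'] = '/var/run/docker.sock'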

Built-in Group:

  • BUILTIN_GROUPS = ['docker-privileged'] in config
  • Auto-recreates if deleted (startup script + pre-spawn hook)
  • Managed via admin panel at /hub/admin -> Groups
  • User must restart server after membership change

Security: Docker socket = root-equivalent host access. Only grant to trusted users.
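
An added example (not part of the project's code) that follows from the restart requirement: the mount is decided at spawn time, so a container started before a membership change keeps its old mounts, including after removal from the group. It compares constructed `docker inspect`-style JSON against a caller-supplied member set; the `jupyter-<username>` container naming and all sample data are assumptions.

```python
import json

# /var/run is usually a symlink to /run, so accept both spellings.
SOCK_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}
PREFIX = "jupyter-"  # assumption: user containers are named jupyter-<username>

# Constructed sample shaped like `docker inspect` output (fields trimmed).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/jupyter-alice", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/jupyter-bob", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/jupyter-carol", "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/carol/_data",
         "Destination": "/home/carol", "RW": True}]},
    {"Name": "/proxy", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": False}]},
])


def audit_socket_mounts(inspect_json, privileged_members):
    """Compare live docker.sock mounts with docker-privileged membership.

    Returns (stale, pending):
      stale   - users whose running container mounts the socket although
                they are not (or no longer) in the group
      pending - group members whose running container lacks the socket
    """
    members = set(privileged_members)
    stale, pending = [], []
    for container in json.loads(inspect_json):
        name = container["Name"].lstrip("/")
        if not name.startswith(PREFIX):
            continue  # not a user container (hub, proxy, ...)
        user = name[len(PREFIX):]
        mounts = container.get("Mounts") or []
        has_sock = any(m.get("Source") in SOCK_PATHS for m in mounts)
        if has_sock and user not in members:
            stale.append(user)
        elif not has_sock and user in members:
            pending.append(user)
    return sorted(stale), sorted(pending)


if __name__ == "__main__":
    stale, pending = audit_socket_mounts(SAMPLE_INSPECT, {"alice", "carol"})
    print("socket mounted without membership:", stale)
    print("member without socket (restart pending):", pending)
```

Users reported as stale still hold root-equivalent host access until their container is recreated.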