mirror of https://github.com/stellarshenson/stellars-jupyterhub-ds.git (synced 2026-03-10 15:10:29 +00:00)
Reduced from 66 to 19 lines focusing on essentials:
- Simplified pre-spawn hook code
- Built-in group mechanism
- Admin panel management
- Security warning

Removed verbose explanations, use cases, auditing commands.
19 lines
718 B
Markdown
# Docker Socket Access Control

Group-based docker.sock access for user containers. Controlled via `docker-privileged` built-in group.

**Implementation** (`config/jupyterhub_config.py`):
```python
async def pre_spawn_hook(spawner):
    # Mount the host Docker socket only for members of the built-in group
    if any(group.name == 'docker-privileged' for group in spawner.user.groups):
        spawner.volumes['/var/run/docker.sock'] = '/var/run/docker.sock'
```

**Built-in Group**:
- `BUILTIN_GROUPS = ['docker-privileged']` in config
- Auto-recreates if deleted (startup script + pre-spawn hook)
- Managed via admin panel at `/hub/admin` -> Groups
- User must restart server after membership change

**Security**: Docker socket = root-equivalent host access. Only grant to trusted users.
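A fail-closed variant of the hook above, as an added example that is not the project's own code: it mounts the socket for `docker-privileged` members and explicitly removes the mount for everyone else, logging both cases. It assumes `spawner.volumes` may still hold an entry from an earlier spawn or from static config; `stub_spawner`, `is_docker_privileged`, `demo` and the sample users are hypothetical names constructed for offline use.

```python
import asyncio
import logging
from types import SimpleNamespace

DOCKER_SOCK = "/var/run/docker.sock"
PRIVILEGED_GROUP = "docker-privileged"
log = logging.getLogger("docker_sock_acl")  # hypothetical logger name


def is_docker_privileged(user):
    """True only if the user is a member of the built-in group."""
    return any(g.name == PRIVILEGED_GROUP for g in user.groups)


async def pre_spawn_hook(spawner):
    """Mount docker.sock for group members; remove it for everyone else."""
    user = spawner.user
    if is_docker_privileged(user):
        spawner.volumes[DOCKER_SOCK] = DOCKER_SOCK
        log.warning("docker.sock mounted for user=%s", user.name)
    elif spawner.volumes.pop(DOCKER_SOCK, None) is not None:
        # Assumption: a mount can linger from an earlier spawn or from config.
        log.warning("docker.sock mount removed for user=%s", user.name)


def stub_spawner(name, groups, volumes=None):
    """Constructed stand-in for a spawner object, for offline runs only."""
    user = SimpleNamespace(
        name=name, groups=[SimpleNamespace(name=g) for g in groups]
    )
    return SimpleNamespace(user=user, volumes=dict(volumes or {}))


def demo():
    """Run the hook for a member and for a user whose access was revoked."""
    member = stub_spawner("alice", [PRIVILEGED_GROUP])
    revoked = stub_spawner(
        "bob", ["students"],
        {DOCKER_SOCK: DOCKER_SOCK, "home-bob": "/home/bob"},  # constructed
    )
    for spawner in (member, revoked):
        asyncio.run(pre_spawn_hook(spawner))
    return member.volumes, revoked.volumes


if __name__ == "__main__":
    print(demo())
```

The warning-level log lines give an audit trail of which spawns received the socket.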