nchebrov/stellars-jupyterhub-ds
1
0
Fork 0
mirror of https://github.com/stellarshenson/stellars-jupyterhub-ds.git synced 2026-03-08 06:00:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9e52c3c36a0eadf3c8d21e15d80bd12801ef273d
stellars-jupyterhub-ds/doc/docker-socket-permissions.md
stellarshenson 14734c0961 fix: use extra_host_config for privileged container mode 
DockerSpawner requires extra_host_config['privileged'] = True instead of
spawner.privileged. Bumped version to 3.4.1.
2025-12-12 16:10:02 +01:00

805 B
Raw Blame History

Docker Access Control

Group-based Docker access for user containers via two built-in groups.

Group Effect
docker-sock Mounts /var/run/docker.sock
docker-privileged Runs container with --privileged flag

Implementation (config/jupyterhub_config.py):

BUILTIN_GROUPS = ['docker-sock', 'docker-privileged']

async def pre_spawn_hook(spawner):
    if 'docker-sock' in user_groups:
        spawner.volumes['/var/run/docker.sock'] = '/var/run/docker.sock'
    if 'docker-privileged' in user_groups:
        spawner.extra_host_config['privileged'] = True

Management: Admin panel /hub/admin -> Groups. User must restart server after membership change.

Security: Both groups grant significant privileges. Only grant to trusted users.

Reference in New Issue View Git Blame Copy Permalink