mirror of
https://github.com/portainer/portainer.git
synced 2025-07-23 15:29:42 +02:00
feat(containers): Prevent non-admin users from running containers using the host namespace pid (#4098)
* feat(containers): prevent non-admin users from running containers using the host namespace pid (#3970) * feat(containers): Prevent non-admin users from running containers using the host namespace pid * feat(containers): add rbac check for swarm stack too * feat(containers): remove forgotten conflict * feat(containers): init EnableHostNamespaceUse to true and return 403 on forbidden action * feat(containers): change enableHostNamespaceUse to restrictHostNamespaceUse in html * feat(settings): rename EnableHostNamespaceUse to AllowHostNamespaceForRegularUsers * feat(database): trigger migration for AllowHostNamespace * feat(containers): check container creation authorization Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
This commit is contained in:
parent
e78aaec558
commit
adf33385ce
12 changed files with 72 additions and 21 deletions
|
@ -1,6 +1,12 @@
|
|||
package migrator
|
||||
|
||||
func (m *Migrator) updateSettingsToDB24() error {
|
||||
// Placeholder for 1.24.1 backports
|
||||
return nil
|
||||
legacySettings, err := m.settingsService.Settings()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
legacySettings.AllowHostNamespaceForRegularUsers = true
|
||||
|
||||
return m.settingsService.UpdateSettings(legacySettings)
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue