transport: allow named pipe SecurityDescriptor to be set #538
djs55 merged 1 commit into moby:master
| Listen(path string) (net.Listener, error) | ||
| String() string | ||
| // SetSecurityDescriptor for Windows named pipes. | ||
| SetSecurityDescriptor(sddl string) |
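Review bot: SetSecurityDescriptor(sddl string) returns nothing, so a malformed SDDL string cannot be rejected at the point where it is set and can only surface later, for example when Listen is called. Consider returning an error from the setter, or state in the doc comment where the string is validated. The comment should also say what happens when the descriptor is never set and what the method does on transports that are not Windows named pipes, ideally with one example SDDL string.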
I don't see where you call this function?
Why not simply use a default security descriptor on Windows pipes?
It's a bit of an awkward split but this library is vendored inside the Docker Desktop codebase and a Desktop-specific descriptor is set which references the group docker-users which is created by the installer. I was hoping to avoid adding a dependency on the Desktop installer here.
Perhaps we could change the API so the client provides a "listener factory" (not sure what would be idiomatic in Go) which would encapsulate this on the client-side.
I see, maybe you can add an example security descriptor as a comment, and also make sure it still works as before if the sddl is not set.
Thanks -- I've expanded the comment with a link and an example. I've added a simple unit test to demo that it still works without the descriptor being set.
This is needed on some Windows machines to set the ACLs on the named pipes to ensure we can connect to them. Signed-off-by: David Scott <dave@recoil.org>
This is needed on some Windows machines to set the ACLs on the named pipes to ensure we can connect to them.
Signed-off-by: David Scott dave.scott@docker.com
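An added example, not code from this PR or from Docker Desktop: because the SDDL string handed to SetSecurityDescriptor decides who may open the pipe, a caller can lint it before use. The helper name `BroadGrants`, the list of trustees treated as too broad, and the sample SDDL strings are assumptions constructed for illustration; conditional ACEs are not handled.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// broad maps SDDL trustee aliases/SIDs that cover unvetted callers to a label.
// The choice of trustees is an assumption made for this example.
var broad = map[string]string{
	"WD": "Everyone", "S-1-1-0": "Everyone",
	"AN": "Anonymous Logon", "S-1-5-7": "Anonymous Logon",
	"NU": "Network logon users", "S-1-5-2": "Network logon users",
}

// aceRE matches one simple ACE; conditional ACEs (nested parentheses) are not handled.
var aceRE = regexp.MustCompile(`\(([^()]*)\)`)

// BroadGrants (hypothetical helper) returns one finding per allow ACE in the
// DACL of sddl whose trustee is in broad.
func BroadGrants(sddl string) ([]string, error) {
	i := strings.Index(sddl, "D:")
	if i < 0 {
		return nil, fmt.Errorf("no DACL (D:) section in %q", sddl)
	}
	dacl := sddl[i+2:]
	if j := strings.Index(dacl, "S:"); j >= 0 {
		dacl = dacl[:j] // stop before the SACL
	}
	var out []string
	for _, m := range aceRE.FindAllStringSubmatch(dacl, -1) {
		// ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid
		f := strings.Split(m[1], ";")
		if len(f) < 6 {
			return nil, fmt.Errorf("malformed ACE (%s)", m[1])
		}
		if name, ok := broad[f[5]]; ok && f[0] == "A" {
			out = append(out, fmt.Sprintf("%s allowed rights %q", name, f[2]))
		}
	}
	return out, nil
}

func main() {
	// Constructed sample descriptors, not the one Docker Desktop uses.
	for _, s := range []string{"D:P(A;;GA;;;BA)(A;;GA;;;SY)", "D:P(A;;GA;;;BA)(A;;GRGW;;;WD)"} {
		findings, err := BroadGrants(s)
		fmt.Println(s, findings, err)
	}
}
```

Deny ACEs are deliberately not reported, so a descriptor that denies network logon users while allowing administrators comes back with no findings.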