Skip to content

Propagate permissions for all host-to-container socket mounts.#1751

Merged
jglogan merged 1 commit into
apple:mainfrom
jglogan:socket-perms
Jun 18, 2026
Merged

Propagate permissions for all host-to-container socket mounts.#1751
jglogan merged 1 commit into
apple:mainfrom
jglogan:socket-perms

Conversation

@jglogan

@jglogan jglogan commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Motivation and Context

Allows socket mounts for non-user workloads.

Testing

  • Tested locally
  • Added/updated tests
  • Added/updated docs

@jglogan
Propagate permissions for all host-to-container socket mounts.
81b2261 
- Closes apple#1750.
- Applies permission code used for the `--ssh` mount to
  all host-to-container socket mounts.
- Adds a user option to the `doExec` test support function.
- Updates the `testRunCommandUnixSocketMount` to install
  `nc` in the test container, and check the socket
  permission, and check the mounted socket using `nc`
  as the guest user.
@github-actions

github-actions Bot commented Jun 18, 2026

Copy link
Copy Markdown

Code Coverage

Tier Line Coverage
Unit 33.4%
Integration 21.11%
Combined 53.66%

@jglogan jglogan merged commit 888582b into apple:main Jun 18, 2026
4 checks passed
@jglogan jglogan deleted the socket-perms branch June 18, 2026 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@katiewasnothere katiewasnothere katiewasnothere approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Request]: Propagate permissions on all mounted Unix domain sockets from host into container.

2 participants

@jglogan @katiewasnothere