Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

White-list build images #1061

Closed
Cadair opened this issue Jun 15, 2015 · 2 comments
Closed

White-list build images #1061

Cadair opened this issue Jun 15, 2015 · 2 comments

Comments

@Cadair
Copy link

Cadair commented Jun 15, 2015

I have recently started testing drone and it is great! I want to know how to restrict the containers that drone can execute, because as it appears to be set up at the moment anyone can modify the .drone.yml file and download and execute any container from the main docker registry, which I don't really want to enable on my build bot.

Is it possible to limit the containers that can be executed to either a whitelist, or just to disable download from the registry, so the containers have to be locally built / cached?

Thanks
@Cadair Cadair changed the title Question, how to restrict what containers can be executed. How to restrict what containers can be executed. Jun 15, 2015
@bradrydzewski bradrydzewski modified the milestone: v0.4.0 Aug 18, 2015
@bradrydzewski bradrydzewski changed the title How to restrict what containers can be executed. Restrict which containers can be executed Aug 18, 2015
@bradrydzewski bradrydzewski modified the milestones: Unscheduled, v0.4.0 Aug 18, 2015
@bradrydzewski bradrydzewski changed the title Restrict which containers can be executed White-list build images Aug 18, 2015
@bradrydzewski bradrydzewski mentioned this issue Aug 18, 2015
Closed
This was referenced Jan 28, 2016
Closed
Closed
@donny-dont
Copy link

@bradrydzewski can we maybe get this in 0.5? Trying to appease our security team so we have a set of images that are OK.

@bradrydzewski
Copy link

We should check and see if there is a native solution to this in Docker. I think you can configure your Docker daemon to use a mirror, which may give you the ability through the mirror to limit which external images are pulled.

@harness harness locked and limited conversation to collaborators Jul 11, 2016
@harness harness deleted a comment from Cadair Sep 24, 2017
@harness harness deleted a comment from Cadair Sep 24, 2017
@harness harness deleted a comment from Cadair Sep 24, 2017
@harness harness deleted a comment from Cadair Sep 24, 2017
@harness harness deleted a comment from Cadair Sep 24, 2017
@bradrydzewski bradrydzewski reopened this Sep 24, 2017
@bradrydzewski bradrydzewski added this to the v1.0.0 milestone Aug 23, 2018
@bradrydzewski bradrydzewski added this to To Do in Version 1.0 Aug 24, 2018
@bradrydzewski bradrydzewski removed this from To Do in Version 1.0 Sep 1, 2018
@bradrydzewski bradrydzewski removed this from the v1.0.0 milestone Apr 9, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@donny-dont @bradrydzewski @Cadair