Allow mounting files/directories as RW instead of always RO #1055
Labels
Comments
varungandhi-src
added
team/code-search
team/code-search
and removed
team/code-search
labels
varungandhi-src
added
the
imported
camdencheek
removed
the
imported
|
👍 to enabling rw mount on local runs. I have an use case where i want to output some analysis files when running locally per repo so than i can summarize the output for all repos. Forcing a read-only mount drastically reduces the flexibility of the Batch Changes tool. If the team doesn't want to enable this by default for security reasons, it'd be good to have an override in the spec or flag. Something like Or |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use Case
Sometimes to speed up batch changes, its useful to use a cache directory (e.g. package manager repository) in-order to avoid hammering package repositories over and over again.
I accomplished this by recompiling the program and removing the ":ro" option for constructing the docker mount commands in run_steps.go which fixed issues I was having.
Security Implications
Looking at previous PR/discussions, I understand this feature was requested to work for remote environments where this ask might add a security risk.
To resolve any potential concerns, maybe only allow local src-cli to mount files in read-write?
Related
The text was updated successfully, but these errors were encountered: