fix(swarm): fix environment security checks BE-12541 (#1666)

This commit is contained in:
andres-portainer
2026-01-14 12:25:50 -03:00
committed by GitHub
parent ac8fa7672e
commit 3e2fdb1891
2 changed files with 3 additions and 11 deletions
@@ -79,14 +79,7 @@ func (config *ComposeStackDeploymentConfig) Deploy() error {
securitySettings := &config.endpoint.SecuritySettings
if (!securitySettings.AllowBindMountsForRegularUsers ||
!securitySettings.AllowPrivilegedModeForRegularUsers ||
!securitySettings.AllowHostNamespaceForRegularUsers ||
!securitySettings.AllowDeviceMappingForRegularUsers ||
!securitySettings.AllowSysctlSettingForRegularUsers ||
!securitySettings.AllowContainerCapabilitiesForRegularUsers) &&
!isAdminOrEndpointAdmin {
if !isAdminOrEndpointAdmin {
if err := stackutils.ValidateStackFiles(config.stack, securitySettings, config.FileService); err != nil {
return err
}
@@ -78,9 +78,8 @@ func (config *SwarmStackDeploymentConfig) Deploy() error {
settings := &config.endpoint.SecuritySettings
if !settings.AllowBindMountsForRegularUsers && !isAdminOrEndpointAdmin {
err = stackutils.ValidateStackFiles(config.stack, settings, config.FileService)
if err != nil {
if !isAdminOrEndpointAdmin {
if err := stackutils.ValidateStackFiles(config.stack, settings, config.FileService); err != nil {
return err
}
}