fix(swarm): fix environment security checks BE-12541 (#1666)
This commit is contained in:
@@ -79,14 +79,7 @@ func (config *ComposeStackDeploymentConfig) Deploy() error {
|
||||
|
||||
securitySettings := &config.endpoint.SecuritySettings
|
||||
|
||||
if (!securitySettings.AllowBindMountsForRegularUsers ||
|
||||
!securitySettings.AllowPrivilegedModeForRegularUsers ||
|
||||
!securitySettings.AllowHostNamespaceForRegularUsers ||
|
||||
!securitySettings.AllowDeviceMappingForRegularUsers ||
|
||||
!securitySettings.AllowSysctlSettingForRegularUsers ||
|
||||
!securitySettings.AllowContainerCapabilitiesForRegularUsers) &&
|
||||
!isAdminOrEndpointAdmin {
|
||||
|
||||
if !isAdminOrEndpointAdmin {
|
||||
if err := stackutils.ValidateStackFiles(config.stack, securitySettings, config.FileService); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -78,9 +78,8 @@ func (config *SwarmStackDeploymentConfig) Deploy() error {
|
||||
|
||||
settings := &config.endpoint.SecuritySettings
|
||||
|
||||
if !settings.AllowBindMountsForRegularUsers && !isAdminOrEndpointAdmin {
|
||||
err = stackutils.ValidateStackFiles(config.stack, settings, config.FileService)
|
||||
if err != nil {
|
||||
if !isAdminOrEndpointAdmin {
|
||||
if err := stackutils.ValidateStackFiles(config.stack, settings, config.FileService); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user