
Exclude /run/host-services When Using Docker Desktop on MacOS #1293

Open
timway wants to merge 1 commit into ansible:devel from timway:docker-desktop-mac-ssh-agent


@timway timway commented Aug 10, 2023

  • Docker Desktop takes care of setting up ssh-agent forwarding from MacOS but does so in a way that is only allowed to `root` inside the container
  • As documented at the time of commit at https://docs.docker.com/desktop/networking/#ssh-agent-forwarding
  • Move the `None` check ahead of the path checking with a specific error message to clearly differentiate that error from path checking errors

Partially addresses #1292 by exempting paths starting with /run/host-services in containerized mode on docker from the source path check.

I'd like to hear feedback on making --user root the default for docker possibly when a volume mount has a path sourced in /run/host-services on docker or in all cases on docker.

A similar fix like this one will be required in order to resolve ansible/ansible-navigator#1593 after/if this is merged into ansible-runner as well.
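
An added sketch of the check this PR describes, not code from ansible-runner or from the PR: `check_mount_source`, `is_under`, `MountSourceError` and the `runtime`/`exists` parameters are hypothetical, and treating the source path check as an existence check is an assumption. It normalizes before matching so that the `/run/host-services` exemption cannot be reached through a sibling name or a `..` traversal.

```python
import os
import posixpath

# Prefix named in the PR description; everything else here is hypothetical.
DOCKER_HOST_SERVICES = "/run/host-services"


class MountSourceError(ValueError):
    """A volume mount source failed validation."""


def is_under(path, prefix):
    """Component-wise test: normalized path equals prefix or lies below it."""
    norm = posixpath.normpath(path)
    return norm == prefix or norm.startswith(prefix + "/")


def check_mount_source(src, runtime, exists=os.path.exists):
    """Return the normalized mount source, or raise MountSourceError.

    Assumption: the source path check is an existence check on the host.
    `exists` is injectable so the logic can be tested without a filesystem.
    """
    # None is rejected first, with its own message, so it cannot be
    # mistaken for a path-checking failure.
    if src is None:
        raise MountSourceError("mount source is None")
    if not posixpath.isabs(src):
        raise MountSourceError(f"mount source is not absolute: {src!r}")
    norm = posixpath.normpath(src)
    # Exemption applies only on docker and only below the exact prefix.
    if runtime == "docker" and is_under(norm, DOCKER_HOST_SERVICES):
        return norm
    if not exists(norm):
        raise MountSourceError(f"mount source does not exist: {norm!r}")
    return norm
```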


timway commented Aug 22, 2023

Just checking in on this issue. What should I be doing to advance this?

I wrote a very targeted fix for the issue but I noticed it may be better to look holistically at the project. Would it be better to design an interface various process isolation methods could implement? That would make it easier to implement the various scenarios that runner is getting leveraged in these days. I'd be willing to take a shot at the initial design and see where it goes if necessary. I'd need to know where maintainers see things before spending substantial time on something like that though.


wmudge commented Oct 19, 2023

@timway - would be a +1 if this could be an option for ansible-runner, as other container engines like Colima provide the SSH socket in other paths. See abiosoft/colima#127

@timway timway force-pushed the docker-desktop-mac-ssh-agent branch from f042704 to 3b3c1bf, June 11, 2024 16:05

@erictoner

+1 on this; this is absolutely needed for Docker if you want any kind of SSH forwarding from the host machine.


Successfully merging this pull request may close these issues.

SSH Agent Forwarding With VS Code Remote-SSH
