docker-novolume-plugin - Block container starts with local volumes defined
When a volume is provisioned via the `VOLUME` instruction in a Dockerfile or via `docker run -v volumename`, the host's storage space is used. This can lead to an unexpected out-of-space condition that brings down everything on the host. There are situations where this is not acceptable behavior. A PaaS, for instance, can't allow its users to run their own images without the risk of filling the entire storage space on a server. One solution is to prevent users from running images with volumes. This way the only storage a user gets can be limited, and the PaaS can assign a quota to it.

This plugin solves this issue by disallowing starting a container with local volumes defined. In particular, the plugin will block `docker run` with:

- `--volumes-from`
- images that have `VOLUME`(s) defined
- volumes provisioned in advance with the `docker volume` command

The only thing allowed will be bind mounts.
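The policy described above, written as a check over the body of a Docker Engine API container-create request. This is an added illustration, not the plugin's own code: `checkCreate` is a hypothetical helper, the image's `VOLUME` list is assumed to be passed in by the caller (for example from an image inspect), and anonymous `-v /path` volumes are treated as local volumes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// createRequest holds the volume-related fields of a container-create body.
type createRequest struct {
	Volumes    map[string]struct{} `json:"Volumes"`
	HostConfig struct {
		Binds       []string `json:"Binds"`
		VolumesFrom []string `json:"VolumesFrom"`
	} `json:"HostConfig"`
}

// checkCreate (hypothetical) returns "" when the request uses only bind
// mounts, otherwise the reason to deny it. imageVolumes is the image's
// VOLUME list, supplied by the caller (assumption of this example).
func checkCreate(body []byte, imageVolumes []string) string {
	var req createRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "unparseable request: " + err.Error() // fail closed
	}
	if len(req.HostConfig.VolumesFrom) > 0 {
		return "--volumes-from is not allowed"
	}
	if len(imageVolumes) > 0 {
		return "image defines VOLUME " + strings.Join(imageVolumes, ", ")
	}
	for path := range req.Volumes {
		return "anonymous volume at " + path
	}
	for _, b := range req.HostConfig.Binds {
		// "src:dst[:opts]": an absolute src is a bind mount, any other src is a named volume.
		if src := strings.SplitN(b, ":", 2)[0]; !strings.HasPrefix(src, "/") {
			return "named volume " + src
		}
	}
	return ""
}

func main() {
	// Constructed sample request bodies.
	bind := []byte(`{"Image":"app","HostConfig":{"Binds":["/srv/data:/data:ro"]}}`)
	named := []byte(`{"Image":"app","HostConfig":{"Binds":["dbdata:/var/lib/db"]}}`)
	fmt.Printf("bind: %q\nnamed: %q\n", checkCreate(bind, nil), checkCreate(named, nil))
}
```
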
docker-novolume-plugin-1.13.1-72.git6f36bd4.el7.x86_64 [1.7 MiB]
by Lokesh Mandvekar (2018-07-08):
- Resolves: #1598581, #1598630 - CVE-2018-10892
- built docker @projectatomic/docker-1.13.1-rhel commit 6f36bd4
- built docker-novolume-plugin commit 385ec70
- built rhel-push-plugin commit af9107b
- built docker-lvm-plugin commit 20a1f68
- built docker-runc @projectatomic/docker-1.13.1-rhel commit 5eda6f6
- built docker-containerd @projectatomic/docker-1.13.1-rhel commit c769d58
- built docker-init commit fec3683
- built libnetwork commit d00ceed
- update comment about registries.conf in /etc/sysconfig/docker From: Tom Sweeney <firstname.lastname@example.org>