Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Allow Habitat Studio to Run in Unprivileged Docker Container

Our Jenkins slave nodes use unprivileged docker containers. Adding --privileged access to these containers would open a large security hole, as any employee who has access to Jenkins would have access to use those privileged containers, which would allow anyone to compromise the host ECS instance.

Unfortunately, I have not been able to get habitat studio to run inside an unprivileged slave container running with a docker-by-docker setup. When I try, with hab running under sudo, I receive an error when attempting to start the studio:

★ Install of core/hab-studio/1.5.29/20200211163904 complete with 40 new packages installed.
hab-studio: Destroying Studio at /hab/studios/home--jenkins ()
hab-studio: Creating Studio at /hab/studios/home--jenkins (default)
mount: permission denied (are you root?)
  • Guest
  • Feb 18 2020
  • Under Consideration
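A preflight check for the `mount: permission denied` failure reported above, as an added example that is not part of the original post or of Habitat. It assumes that mount(2) requires CAP_SYS_ADMIN (capability number 21) and that a root process under Docker's default capability set shows `CapEff: 00000000a80425fb`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Habitat code): explain why hab-studio's mount fails in a
# container, and show which capabilities a container holds beyond Docker's default.
# Assumption: mount(2) needs CAP_SYS_ADMIN, capability number 21.
CAP_SYS_ADMIN_BIT=21
# Assumption: CapEff of a root process under Docker's default capability set.
DOCKER_DEFAULT_CAPEFF=00000000a80425fb

# valid_mask HEX -> exit 0 only for a non-empty hex string
valid_mask() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
}

# studio_mount_check HEX -> prints can-mount, cannot-mount or invalid-mask
studio_mount_check() {
    valid_mask "$1" || { echo invalid-mask; return 2; }
    if [ $(( (0x$1 >> $CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]; then
        echo can-mount
    else
        echo cannot-mount
    fi
}

# extra_caps HEX -> capability numbers set in HEX but absent from Docker's default
extra_caps() {
    valid_mask "$1" || return 2
    extra=$(( 0x$1 & ~0x$DOCKER_DEFAULT_CAPEFF ))
    bit=0; out=
    while [ "$bit" -lt 63 ]; do
        if [ $(( ($extra >> $bit) & 1 )) -eq 1 ]; then out="$out${out:+ }$bit"; fi
        bit=$((bit + 1))
    done
    echo "$out"
}

# current_capeff -> effective capability mask of this process (Linux only)
current_capeff() { sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status; }

# Stand-alone run: report on the container this script executes in.
if [ -r /proc/self/status ]; then
    mask=$(current_capeff)
    echo "CapEff=$mask studio=$(studio_mount_check "$mask") extra=$(extra_caps "$mask")"
fi
```

The capability is necessary but not sufficient: a seccomp or LSM profile applied to the container can still deny mount when CAP_SYS_ADMIN is present.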