Jump to letter: [ 3ABCDEFGHIJKLMNOPQRSTUVWXYZ ]

docker-novolume-plugin - Block container starts with local volumes defined

Description:

When a volume in provisioned via the `VOLUME` instruction in a Dockerfile or
via `docker run -v volumename`, host's storage space is used. This could lead to
an unexpected out of space issue which could bring down everything.
There are situations where this is not an accepted behavior. PAAS, for
instance, can't allow their users to run their own images without the risk of
filling the entire storage space on a server. One solution to this is to deny users
from running images with volumes. This way the only storage a user gets can be limited
and PAAS can assign quota to it.

This plugin solves this issue by disallowing starting a container with
local volumes defined. In particular, the plugin will block `docker run` with:

- `--volumes-from`
- images that have `VOLUME`(s) defined
- volumes early provisioned with `docker volume` command

The only thing allowed will be just bind mounts.

Packages

- propagate mounts to the host - fix regression introduced by fix of CVE-2021-30465
- Resolves: #1966968

- fix CollectMode again
- Related: #1787148

- do not enable CollectMode support yet because it is not still present in
  7.6-ALT
- Related: #1766665

- do not enable CollectMode support yet because it is not still present in
  7.6-ALT
- Related: #1766665

- make failure message for CVE-2020-1702 more obvious (#1804024)
- drop patch for #1734482 as it breaks compilation

- make failure message for CVE-2020-1702 more obvious (#1804024)
- drop patch for #1734482 as it breaks compilation

- bump release to not to clash with RHEL7.8

Listing created by Repoview-0.6.6-4.el7