Allow Security Configuration of named pipe host #1732
Comments
|
@kepboy Currently working on adding the group to the named pipe ACL. Can you tell me how to simply display the current ACL for a given named pipe from PS ? Seems like Get-Acl does not play well with named pipes, and the documentation online is just plain dead on the subject. |
|
[System.IO.Directory]::GetAccessControl(“\\.\pipe\docker_engine”)
Should do the trick
…On Thu, 22 Feb 2018 at 20:24, Pierre Gayvallet ***@***.***> wrote:
@kepboy <https://github.com/kepboy> Currently working on adding the group
to the named pipe ACL.
Can you tell me how to simply display the current ACL for a given named
pipe from PS ? Seems like Get-Acl does not play well with named pipes, and
the documentation online is just plain dead on the subject.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1732 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AKrA3vXZ25h9WJymRqftY1vu5DxMDmGYks5tXTIygaJpZM4SNDre>
.
|
|
Great, thanks |
|
I notice this fix is in the latest release, however, when I run docker the named pipe doesn't seem to have the docker-users group added to the ACL? |
|
I had this same issue @kepboy on 7.12.0. 18.03.0 works on an Admin seat on my Win10 but as a User I can't start the Docker service now. Unrelated (?) issue I suspect. On 7.12.0 my process was: Install Docker (Admin), Assign a user to "docker-users" group (Admin), Log off admin account and log into user account (user) -> Start Docker for Windows service (user) -> Run docker's hello-world (user) -> Get the following error: |
|
A note: both 7.12.0 and 18.03.0 work on my home computer as a user or admin. Accounts just needs to be part of the "docker-users" group after Docker install by an Admin. Issues I am having are on a very locked down user account at work. Home computer user (Docker for Windows v18.03.0): will post/update what work computer gets from that command first thing tomorrow. |
|
I uninstalled and re-installed and it now appears to be working. I suspect the problem was related to the fact that I already had a group called docker-users on my computer and the upgrade didn't like it. |
|
Did a full uninstall remove the "docker-users" group? Was your previous install and upgrade? Strange but glad it's working for you @kepboy |
|
@CSEmbree I removed the old group myself prior to uninstall |
|
So is it fixed? Can we close the issue? |
|
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
From a service user account
Actual behavior
From a service user account
Information
I think the simplest answer is to allow access to
\\.\pipe\docker_engineto a dedicated group (docker-users)At present the named pipe
\\.\pipe\docker_enginereceives a default ACL ofSteps to reproduce the behavior
docker version(you should receive the correct version information), this confirms that docker is runningStart-Process powershell.exe -Credential _UserAccountName_docker versionThe text was updated successfully, but these errors were encountered: