You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Being struggling with this problem for the last few weeks in golang in a project that tries to achieve to do what yours is doing (https://github.com/iongion/container-desktop-wsl-relay), but only for WSL unix sockets. I am failing, mine is not working yet. I wanted golang so that it is a small self-contained binary that is easy to ship in the app itself, although not at al expert in it.
One suggestion is for you to add support for ACLs permissions over the named pipe, through a parameter/expression.
// AllowEveryone grants full access permissions for everyone.
AllowEveryone = "S:(ML;;NW;;;LW)D:(A;;0x12019f;;;WD)"
// AllowCurrentUser grants full access permissions for the current user.
AllowCurrentUser = "D:P(A;;GA;;;$SID)"
// AllowServiceSystemAdmin grants full access permissions for Service, System, Administrator group and account.
AllowServiceSystemAdmin = "D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LA)(A;ID;FA;;;LS)"
// Custom String
"anything-let-the-user-decide"
For current user you need to interpolate $SID of current user, in golang I do something like this:
if strings.Contains(securityDescriptor, "$SID") {
currentUser, err := user.Current()
if err != nil {
log.Println("Relay server error retrieving current user:", err)
return
}
securityDescriptor = strings.Replace(securityDescriptor, "$SID", currentUser.Uid, 1)
}
I only need to support Windows 10+ onwards, do you think it is safe to distribute the smaller .net binary and not the one with the runtime included ?
I have created 2 PRs, do what you want with them of course
Ability to set permissions to the listening named pipe #15 - This one allows users to either leave all as is, or restrict named pipe access to current user, If there would be a way to add expressions support one day, but so far it fits the security requirements in companies that use shared machines
Hi, just a huge thank you, I think I will embed it in https://container-desktop.com
Being struggling with this problem for the last few weeks in golang in a project that tries to achieve to do what yours is doing (https://github.com/iongion/container-desktop-wsl-relay), but only for WSL unix sockets. I am failing, mine is not working yet. I wanted golang so that it is a small self-contained binary that is easy to ship in the app itself, although not at al expert in it.
One suggestion is for you to add support for ACLs permissions over the named pipe, through a parameter/expression.
For current user you need to interpolate
$SIDof current user, in golang I do something like this:I only need to support Windows 10+ onwards, do you think it is safe to distribute the smaller
.netbinary and not the one with the runtime included ?I have created 2 PRs, do what you want with them of course
The text was updated successfully, but these errors were encountered: