WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

sockets: implement WithAdditionalUsersAndGroups for windows #149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vvoland merged 2 commits into from
Dec 1, 2025
Merged

sockets: implement WithAdditionalUsersAndGroups for windows #149

vvoland merged 2 commits into from
Dec 1, 2025
+206 −4

Conversation

@chelnak
Copy link
Contributor

@chelnak chelnak commented Oct 28, 2025
edited by thaJeztah
Loading

- What I did

Fixes socket creation on Windows by using PROTECTED_DACL_SECURITY_INFORMATION when setting the security descriptor.

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

thaJeztah and others added 2 commits October 28, 2025 08:16
@thaJeztah @chelnak
sockets: implement WithAdditionalUsersAndGroups for windows
d61b17e 
- Implement a WithAdditionalUsersAndGroups (windows daemon allows
  specifying multiple additional users and groups for named pipes
  and unix-sockets).
- Implement a WithBasePermissions() option for windows
- Implement NewUnixSocket that accepts (optional) additional users
  and groups.

Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Craig Gumbley <[email protected]>
@chelnak
Set correct SECURITY_INFORMATION bit
536df70 
Prior to this change we were setting `OWNER_SECURITY_INFORMATION`
along with `DACL_SECURITY_INFORMATION`.

Since we are not touching the owner, I don't think we need to
set this.

Furthermore, the test was failing because the DACL was actually
protected (`D:P(A;;GA;;;BA)(A;;GA;;;SY)`) and we need to tell
the API about it.

Setting `PROTECTED_DACL_SECURITY_INFORMATION` fixes the issue
and allows socket creation with the required security descriptor.

Signed-off-by: Craig Gumbley <[email protected]>
@chelnak chelnak force-pushed the windows_unix_socket_permissions branch from acb350a to 536df70 Compare October 28, 2025 08:17
thaJeztah
thaJeztah approved these changes Dec 1, 2025
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thx!

@vvoland vvoland merged commit 6539818 into docker:main Dec 1, 2025
13 checks passed
@thaJeztah thaJeztah mentioned this pull request Dec 1, 2025
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@vvoland vvoland vvoland approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chelnak @thaJeztah @vvoland