Duke-GCB/docker-wrapper

Name: docker-wrapper

Owner: Duke Center for Genomic and Computational Biology

Description: Wrapper scripts for docker volume access

Created: 2015-06-23 14:26:12.0

Updated: 2015-07-24 13:45:47.0

Pushed: 2015-07-01 15:37:00.0

Homepage: null

Size: 140

Language: Python

README

docker-wrapper

Wrapper scripts for docker volume access

Usage

Use docker-wrapper.sh in place of docker, and invoke with sudo:

sudo docker-wrapper.sh \
  -v /data/somelab/someproject/rawdata:/input:ro \
  -v /data/somelab/someproject/results:/output \
  dockerimage ...

docker-wrapper.sh parses the -v/--volume arguments and:

  1. Verifies that the calling user (SUDO_UID) has the requested access to the path (check_path_access.py)
  2. Verifies that the path is whitelisted (check_path_whitelist.py)

If both conditions hold true, the arguments are passed to docker. If not, the script exits with 1.
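
The two checks above, sketched as an added example; this is not the code from check_path_access.py or check_path_whitelist.py. All function names are assumptions, only ro/rw modes and absolute host paths are accepted, and the access check looks only at the final path's permission bits.

```python
import os

# Added illustration; the names below are assumptions, not taken from
# check_path_access.py or check_path_whitelist.py.

def parse_volume(spec):
    """Split a -v value 'host:container[:mode]'; mode defaults to rw."""
    parts = spec.split(":")
    if len(parts) == 2:
        parts.append("rw")
    if len(parts) != 3 or parts[2] not in ("ro", "rw"):
        raise ValueError("unsupported volume spec: %r" % spec)
    if not os.path.isabs(parts[0]):
        raise ValueError("host path must be absolute: %r" % spec)
    return tuple(parts)

def is_whitelisted(host_path, whitelist):
    """True if the path, with symlinks and '..' resolved, is inside a whitelisted dir."""
    real = os.path.realpath(host_path)
    for allowed in whitelist:
        root = os.path.realpath(allowed)
        # commonpath compares whole components, so /data2 does not match /data
        if os.path.commonpath([real, root]) == root:
            return True
    return False

def user_has_access(host_path, mode, uid, gids):
    """Compare permission bits with the calling user's ids (SUDO_UID), not root's.

    Simplification: only the final path's mode bits are examined; ACLs and
    search permission on parent directories are not considered.
    """
    st = os.stat(os.path.realpath(host_path))
    want = 0o4 if mode == "ro" else 0o6
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def volume_allowed(spec, whitelist, uid, gids):
    """Both conditions must hold before the arguments go to docker."""
    host, _container, mode = parse_volume(spec)
    return is_whitelisted(host, whitelist) and user_has_access(host, mode, uid, gids)
```

Because the check and the mount are separate steps, handing docker the resolved path rather than the user's original string narrows the window in which a symlink could be swapped after the check.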

Using sudo

docker-wrapper.sh must be run with sudo (it checks SUDO_UID and whoami). It is designed to be specified in a sudoers file, allowing users in a docker-wrapper group to run it:

## Allows docker-wrapper group to run docker-wrapper.sh script
%docker-wrapper    ALL=/path/to/docker-wrapper/docker-wrapper.sh

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.