File tree Expand file tree Collapse file tree 1 file changed +2
-2
lines changed
Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Original file line number Diff line number Diff line change @@ -127,8 +127,8 @@ backend docker_engine_backend
127127 acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
128128 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
129129
130- # ACL to restrict container creation, that it has HostConfig.Privileged not set
131- acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\" Privileged\""
130+ # ACL to restrict container creation, that it has HostConfig.Privileged(by searching for "Privileged" word in all payload) not set
131+ acl no_privileged_flag req.body -m reg -i "\"Privileged\""
132132 # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
133133 acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
134134 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST
You can’t perform that action at this time.
0 commit comments