Skip Checksum option?

[jayunit100]

Hi folks.

Would like an option to skip checksumming. My use case is ....

... in cases where i want to patch a binary on the host - i may want to start a process by simply calling wins from a container, without first copying my local contents over.

Workaround, in cases where you need to patch a container that is started from a ps1 script, you can add a wget or similar command into the containers startup, so that its path value is identical to what is on the host. of course this comes at the cost of having to mount/copy/upload your patched file somewhere.

[aiyengar2]

I'm not sure if I completely understand the purpose behind your feature request, so could you provide some more details about your use case?

From my understanding, the purpose behind checksumming the Start Process call is to avoid something like the following scenario:

• Container 1 has permissions to mount the rancher_wins named pipe + a host path c:\etc\mystuff
• Container 2 only has permissions to mount a host path c:\etc\mystuff
• Container 1 asks the wins server to start a process in c:\etc\mystuff\myprogram.exe at the same time that Container 2 does Copy-Item c:\etc\mystuff\badstuff.exe c:\etc\mystuff\myprogram.exe and wins server obliges
• Bad stuff happens since privileges have been escalated