Skip Checksum option?
Opened this issue · 1 comments
Hi folks.
Would like an option to skip checksumming. My use case is ....
... in cases where i want to patch a binary on the host - i may want to start a process by simply calling wins
from a container, without first copying my local contents over.
Workaround, in cases where you need to patch a container that is started from a ps1 script, you can add a wget
or similar command into the containers startup, so that its path
value is identical to what is on the host. of course this comes at the cost of having to mount/copy/upload your patched file somewhere.
I'm not sure if I completely understand the purpose behind your feature request, so could you provide some more details about your use case?
From my understanding, the purpose behind checksumming the Start Process call is to avoid something like the following scenario:
- Container 1 has permissions to mount the rancher_wins named pipe + a host path
c:\etc\mystuff
- Container 2 only has permissions to mount a host path
c:\etc\mystuff
- Container 1 asks the wins server to start a process in
c:\etc\mystuff\myprogram.exe
at the same time that Container 2 doesCopy-Item c:\etc\mystuff\badstuff.exe c:\etc\mystuff\myprogram.exe
and wins server obliges - Bad stuff happens since privileges have been escalated