Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable downloading files from a running container #2466

Closed
philliphoff opened this issue Nov 4, 2020 · 3 comments · Fixed by #2551
Closed

Enable downloading files from a running container #2466

philliphoff opened this issue Nov 4, 2020 · 3 comments · Fixed by #2551
Labels
feature P1
Milestone
1.9.0

Comments

@philliphoff
Copy link
Member

An earlier feature enabled viewing (read-only) files in a running container. This issue builds on that functionality to allow the user to download files from the running container to the local machine (rather than opening them in an editor). This can be useful for non-text files, or just eliminating the need to cut & paste from the editor.
@dbreshears dbreshears added this to the 1.8.0 milestone Nov 4, 2020
@bwateratmsft bwateratmsft modified the milestones: 1.8.0, 1.9.0 Nov 10, 2020
@dbreshears dbreshears modified the milestones: 1.9.0, 1.10.0 Nov 18, 2020
@philliphoff philliphoff mentioned this issue Dec 8, 2020
Merged
@PavelSosin-320
Copy link

About which docker files you are talking about here?
Everything under Docker daemon filesystem root should be restricted from access bypassing Docker's engine interface. Nothing can be directly "opened". When user/IT configures Docker engine port as 2376 it means that everything, everything, everything must be transferred with TLS encoding including logs. If Docker is installed correctly on the Linux machine access to the Docker files is restricted from outside of the Host.
The only file which can be readable by the user is the Docker daemon log, but only by the root user because Docker daemon runs as root.
The only allowed method to transfer or view files from Docker filesystem is docker cp command and docker logs. docker logs transfer logs content encoded like any data.
The bind volumes change from outside docker will result in fatal docker diff corruption. Then the docker export will produce junk.
The Docker daemon log is only a human-readable file and contains very technical information about Host OS, Drivers configuration, and Docker startup.

@PavelSosin-320
Copy link

PavelSosin-320 commented Dec 9, 2020
edited
Loading

FYI! Container root FS vs Volumes
The existence of NTFS storage driver means that data can be copied from the 3rd machine where data are actually stored.

@philliphoff
Copy link
Member Author

philliphoff commented Dec 9, 2020
edited
Loading

@PavelSosin-320 This feature, at its core, it just automating what the end user would do themselves to view/extract an arbitrary file from a running container. There's no bypassing of the Docker host; if the user has the ability to docker cp the file from the container or attach a terminal to the container (to list the file), then tooling can do the same. (That's quite literally what the tooling does, the latter in the case of Windows which doesn't support docker cp.)

@philliphoff philliphoff modified the milestones: 1.10.0, 1.9.0 Dec 9, 2020
@vscodebot vscodebot bot locked and limited conversation to collaborators Jan 28, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature P1
Projects
None yet
Milestone
1.9.0
Development

Successfully merging a pull request may close this issue.

Allow users to download container files microsoft/vscode-docker
4 participants
@dbreshears @philliphoff @bwateratmsft @PavelSosin-320