opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-21 17:38:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14621 from mheon/api_sec_notice

Browse Source 
[CI:DOCS] Make it clear the REST API could be a security issue
This commit is contained in:
openshift-ci[bot]
2022-06-16 16:37:40 +00:00
committed by GitHub
parent e6fe06f591 6c5e1420e2
commit 8765adb756
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/source/markdown/podman-system-service.1.md
View File

@ -21,6 +21,10 @@ The REST API provided by **podman system service** is split into two parts: a co
Documentation for the latter is available at *https://docs.podman.io/en/latest/_static/api.html*. Documentation for the latter is available at *https://docs.podman.io/en/latest/_static/api.html*.
Both APIs are versioned, but the server will not reject requests with an unsupported version set. Both APIs are versioned, but the server will not reject requests with an unsupported version set.
Please note that the API grants full access to Podman's capabilities, and as such should be treated as allowing arbitrary code execution as the user running the API.
As such, we strongly recommend against making the API socket available via the network.
The default configuration (a Unix socket with permissions set to only allow the user running Podman) is the most secure way of running the API.
Note: The default systemd unit files (system and user) change the log-level option to *info* from *error*. This change provides additional information on each API call. Note: The default systemd unit files (system and user) change the log-level option to *info* from *error*. This change provides additional information on each API call.
## OPTIONS ## OPTIONS