From f68f5d2adbe8db2257055f0b624b7e4314fa7efe Mon Sep 17 00:00:00 2001 From: Cesar Talledo Date: Mon, 26 Feb 2024 08:43:52 -0800 Subject: [PATCH] Indicate support for ECI Docker socket mount permission on WSL. (#19274) Support for this feature is being added in Docker Desktop 4.28 and later. Update the docs accordingly. Signed-off-by: Cesar Talledo Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- content/desktop/hardened-desktop/_index.md | 2 +- .../enhanced-container-isolation/config.md | 14 +++----------- .../enhanced-container-isolation/limitations.md | 2 +- .../hardened-desktop/settings-management/_index.md | 2 +- 4 files changed, 6 insertions(+), 14 deletions(-) diff --git a/content/desktop/hardened-desktop/_index.md b/content/desktop/hardened-desktop/_index.md index 51a371383c..1b2133117b 100644 --- a/content/desktop/hardened-desktop/_index.md +++ b/content/desktop/hardened-desktop/_index.md @@ -39,7 +39,7 @@ Hardened Docker Desktop moves the ownership boundary for Docker Desktop configur It is for security conscious organizations who: - Don’t give their users root or admin access on their machines -- Would like Docker Desktop to be within their organization’s centralized control +- Would like Docker Desktop to be within their organization’s centralized control - Have certain compliance obligations ### What does Hardened Docker Desktop include? diff --git a/content/desktop/hardened-desktop/enhanced-container-isolation/config.md b/content/desktop/hardened-desktop/enhanced-container-isolation/config.md index 4d599e4480..7a6fba4802 100644 --- a/content/desktop/hardened-desktop/enhanced-container-isolation/config.md +++ b/content/desktop/hardened-desktop/enhanced-container-isolation/config.md 
@@ -6,19 +6,15 @@ keywords: enhanced container isolation, Docker Desktop, Docker socket, bind moun > **Note** > -> This feature is available with Docker Desktop version 4.27 and later. It's currently in -> [Beta](../../../release-lifecycle.md/#beta). +> This feature is currently in [Beta](../../../release-lifecycle.md/#beta). +> It's available with Docker Desktop version 4.27 (and later) on Mac, Linux, and Windows (Hyper-V). +> For Windows with WSL 2, this feature requires Docker Desktop 4.28 and later. { .experimental } This page describes optional, advanced configurations for ECI, once ECI is enabled. ## Docker socket mount permissions -> **Important** -> -> It does not yet work on Windows hosts when Docker Desktop configured to use WSL, but does work with Hyper-V. -{ .important } - By default, when ECI is enabled, Docker Desktop does not allow bind-mounting the Docker Engine socket into containers: @@ -227,10 +223,6 @@ Whether to configure the list as an allow or deny list depends on the use case. ### Caveats and limitations -* Docker Socket Mount permissions don't yet work on Docker Desktop on Windows - hosts with WSL (but they work on Hyper-V). Support for WSL is expected to be - added soon. - * When Docker Desktop is restarted, it's possible that an image that is allowed to mount the Docker socket is unexpectedly blocked from doing so. This can happen when the image digest changes in the remote repository (e.g., a diff --git a/content/desktop/hardened-desktop/enhanced-container-isolation/limitations.md b/content/desktop/hardened-desktop/enhanced-container-isolation/limitations.md index 28f47ced98..b656697cc9 100644 --- a/content/desktop/hardened-desktop/enhanced-container-isolation/limitations.md +++ b/content/desktop/hardened-desktop/enhanced-container-isolation/limitations.md 
@@ -13,7 +13,7 @@ Hyper-V to create the Docker Desktop Linux VM. ECI was not supported when Docker Desktop was configured to use Windows Subsystem for Linux (aka WSL). Starting with Docker Desktop 4.20, ECI is supported when Docker Desktop is -configured to use either Hyper-V or WSL version 2. +configured to use either Hyper-V or WSL 2. >**Note** > diff --git a/content/desktop/hardened-desktop/settings-management/_index.md b/content/desktop/hardened-desktop/settings-management/_index.md index db79b139cc..7f69fcc3de 100644 --- a/content/desktop/hardened-desktop/settings-management/_index.md +++ b/content/desktop/hardened-desktop/settings-management/_index.md @@ -35,7 +35,7 @@ Using the `admin-settings.json` file, admins can: - Configure HTTP proxies - Configure network settings - Configure Kubernetes settings -- Enforce the use of WSL2 based engine or Hyper-V +- Enforce the use of WSL 2 based engine or Hyper-V - Configure Docker Engine - Turn off Docker Desktop's ability to checks for updates - Turn off Docker Extensions
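Review bot: In content/desktop/hardened-desktop/_index.md (hunk @@ -39,7 +39,7 @@), the removed and added "Would like Docker Desktop to be within their organization's centralized control" lines show no textual difference as rendered here, so this looks like a whitespace-only change unrelated to the WSL support update. Either drop it from this patch or mention the cleanup in the commit message so the diffstat matches the stated purpose.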
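Review bot: In enhanced-container-isolation/config.md (hunk @@ -6,19 +6,15 @@), the rewritten Beta note gives the WSL 2 requirement only as a minimum version, and with the Important callout removed the page no longer says what a Windows host on WSL 2 running Docker Desktop 4.27 should expect. Admins use this setting to control which images may bind-mount the Docker Engine socket, so consider adding a clause that states the behaviour for 4.27 on WSL 2. The two version phrases also differ in form, "4.27 (and later)" versus "4.28 and later"; pick one.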
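Review bot: In the "Caveats and limitations" list of enhanced-container-isolation/config.md (hunk @@ -227,10 +223,6 @@), the WSL bullet is deleted outright, so the WSL 2 version requirement now appears only in the Beta note at the top of the page. A reader who jumps straight to this section will not see it; consider replacing the bullet with a one-line caveat that Windows with WSL 2 requires Docker Desktop 4.28 and later, rather than removing it.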
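Review bot: In settings-management/_index.md (hunk @@ -35,7 +35,7 @@), the changed bullet reads "WSL 2 based engine"; the compound modifier should be hyphenated as "WSL 2-based engine". While this list is being touched, the neighbouring context line "Turn off Docker Desktop's ability to checks for updates" has a verb error and should read "to check".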