-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker push missing visibility setting #4977
Comments
Hi I'm a UT Austin student, and would like to work on this issue if possible! |
Thanks for opening this ticket; I'm not sure if this is something that can be implemented in the docker engine itself. The OCI distribution specification (which is used for all registries, including docker hub) allows clients to upload images ("manifests"), but has no concept of "visibility"; https://github.com/opencontainers/distribution-spec/blob/v1.1.0/spec.md#pushing-manifests Some registries disallow pushing to a repository that does not yet exist (in which case they produce an error), but Docker Hub defaults to creating the repository, using the default visibility settings as configured in the namespace; https://docs.docker.com/docker-hub/repos/create/ |
Description
docker push
allows pushing a new image to the docker hub. If a repo has not already been created and marked private, the repo will be created with public visibility. When changing configurations this makes it easy to leak repositories that were not intended to be public.Reproduce
docker push <image>
(with image intended to be private)Expected behavior
Docker CLI should support a
--visibility=private/public
flag or similar to prevent images from unintentionally being exposed publicly.docker version
Client: Docker Engine - Community Version: 26.0.0 API version: 1.45 Go version: go1.21.8 Git commit: 2ae903e Built: Wed Mar 20 15:17:48 2024 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 26.0.0 API version: 1.45 (minimum version 1.24) Go version: go1.21.8 Git commit: 8b79278 Built: Wed Mar 20 15:17:48 2024 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.28 GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb runc: Version: 1.1.12 GitCommit: v1.1.12-0-g51d5e94 docker-init: Version: 0.19.0 GitCommit: de40ad0
docker info
Additional Info
No response
The text was updated successfully, but these errors were encountered: