bake: add filesystem entitlements support

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-07-09 21:17:09 +08:00 · 2024-08-23 16:36:23 +03:00
parent 4b5d78db9b
commit 1af4f05ba4
5 changed files with 806 additions and 10 deletions
--- a/commands/bake.go
+++ b/commands/bake.go
@ -107,6 +107,13 @@ func runBake(ctx context.Context, dockerCli command.Cli, targets []string, in ba
 	if err != nil {
 		return err
 	}
+	wd, err := os.Getwd()
+	if err != nil {
+		return errors.Wrapf(err, "failed to get current working directory")
+	}
+	// filesystem access under the current working directory is allowed by default
+	ent.FSRead = append(ent.FSRead, wd)
+	ent.FSWrite = append(ent.FSWrite, wd)

 	ctx2, cancel := context.WithCancelCause(context.TODO())
 	defer cancel(errors.WithStack(context.Canceled))