bake: fix entitlements check for default SSH socket

There was a mixup between fs.read and ssh entitlements check. Corrected behavior is that if bake definition requires default SSH forwarding then "ssh" entitlement is needed. If it requires SSH forwarding via fixed file path then "fs.read" entitlement is needed for that path. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-07-31 23:58:03 +08:00 · 2025-01-08 18:15:15 -08:00
parent 883806524a
commit 5f057bdee7
2 changed files with 110 additions and 1 deletions
--- a/bake/entitlements.go
+++ b/bake/entitlements.go
@@ -145,7 +145,9 @@ func (c EntitlementConf) check(bo build.Options, expected *EntitlementConf) erro
 			roPaths[p] = struct{}{}
 		}
 		if len(ssh.Paths) == 0 {
-			expected.SSH = true
+			if !c.SSH {
+				expected.SSH = true
+			}
 		}
 	}