author: openshift-ci[bot] <75433959+openshift-ci[bot]@users.noreply.github.com>, 2022-06-16 16:37:40 +0000
committer: GitHub <noreply@github.com>, 2022-06-16 16:37:40 +0000
commit: 8765adb756c570a13f06b9c60596d34567d6568b
tree: d566893be121fc86e9e7faf54a7221c0a5798925
parent: e6fe06f5914638583aa6bbc96be51c944350d6bd
parent: 6c5e1420e248fb72cc400865401d19ff6c54a7e9
Merge pull request #14621 from mheon/api_sec_notice
[CI:DOCS] Make it clear the REST API could be a security issue
-rw-r--r-- docs/source/markdown/podman-system-service.1.md | 4
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md
index 176d73eda..99fde8ce4 100644
--- a/docs/source/markdown/podman-system-service.1.md
+++ b/docs/source/markdown/podman-system-service.1.md
@@ -21,6 +21,10 @@ The REST API provided by **podman system service** is split into two parts: a co
Documentation for the latter is available at *https://docs.podman.io/en/latest/_static/api.html*.
Both APIs are versioned, but the server will not reject requests with an unsupported version set.
+Please note that the API grants full access to Podman's capabilities, and as such should be treated as allowing arbitrary code execution as the user running the API.
+As such, we strongly recommend against making the API socket available via the network.
+The default configuration (a Unix socket with permissions set to only allow the user running Podman) is the most secure way of running the API.
+
Note: The default systemd unit files (system and user) change the log-level option to *info* from *error*. This change provides additional information on each API call.
## OPTIONS
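Review bot: The new security paragraph (the three added lines beginning "Please note that the API grants full access") sits unmarked between the versioning sentence and the existing "Note:" paragraph about log levels, so a reader skimming the description can miss it; consider giving it its own heading, or at least the same "Note:" prefix the following paragraph uses. The phrase "as the user running the API" would be clearer if it said outright that for a service run as root this means arbitrary code execution as root, since the next paragraph already distinguishes the system and user unit files. The second added line advises against exposing the socket via the network but gives the reader nothing to do when remote access is actually required; one sentence pointing at the supported way to reach the API remotely would make the recommendation actionable. Minor style point: "as such" ends the first added sentence and "As such" opens the second; the second could read "We therefore strongly recommend against making the API socket available via the network."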