wxdao

是否会配套提供用 API 调用的时候可以这样传参的功能呢？

Really need this. The `FROM DOCKERFILE` command reads build context from host or artifact only. It's currently impossible to me to make a common UDC to build image from variable...

maybe adding a builtin http proxy to socks5 proxy converter will do.

Hi bianpeng, may I know what is blocking the impl of this extension? Is it about lack of apis in proxy wasm abi?

TBH I’ve never considered a shared builkitd being secure with or without the flag. For in-house usage workloads are controlled and nobody cares security. For multi tenant saas platforms security...

My point is it’s not wise to aim for multi tenant safety too much on buildkitd and dagger level. It’s already insecure by nature as long as builkitd need -privileged...

@shykes How about in the short term 1) add privileged option on exec operation 2) enabled privileged exec support by default for embedded dagger engine? I guess the authorization hook...

Thanks. Waiting for the good news then.