MCPcopy Index your code
hub / github.com/docker/docker-agent / printToolInstallAllowance

Function printToolInstallAllowance

cmd/root/sandbox.go:523–538  ·  view source on GitHub ↗

printToolInstallAllowance prints a multi-line description of the package-host allowlist opened for this sandbox: a one-liner summary followed by every host on its own indented line so the user can see exactly what holes the run punched in the default- deny network policy. Silent when the kit isn't b

(w io.Writer, kitResult *kit.Result)

Source from the content-addressed store, hash-verified

521// warning line names each unresolved toolset so the user can spot
522// why the allowlist is wider than expected.
523func printToolInstallAllowance(w io.Writer, kitResult *kit.Result) {
524 if kitResult == nil || !kitResult.NeedsToolInstall {
525 return
526 }
527 fmt.Fprintf(w, "Tool install: agent has at least one MCP/LSP toolset, allowlisting %d package host(s) in the sandbox proxy:\n",
528 len(kitResult.ToolInstallHosts))
529 for _, h := range kitResult.ToolInstallHosts {
530 fmt.Fprintf(w, " - %s\n", h)
531 }
532 for _, e := range kitResult.ToolInstallHostsResolutionErr {
533 fmt.Fprintf(w, " ! %s (using fallback host set)\n", e.Error())
534 }
535 if len(kitResult.ToolInstallHostsResolutionErr) > 0 {
536 fmt.Fprintln(w, " hint: persist a missing host with `docker agent sandbox allow <host>`")
537 }
538}
539
540// printAgentNetworkAllowlist prints the host(s) the agent's config
541// asked us to add to the sandbox proxy. Surfacing them next to the

Callers 2

runInSandboxFunction · 0.85

Calls 1

ErrorMethod · 0.45

Tested by 1