Based on the information provided in the [Bitbucket Cloud documentation](https://support.atlassian.com/bitbucket-cloud/docs/run-docker-commands-in-bitbucket-pipelines/#:~:text=build%20.%0A%20%20%20%20%20%20%20%20services%3A%0A%20%20%20%20%20%20%20%20%20%20%2D%20docker-,Running%20Docker%20commands,docker%20run%20%2D%2Dmount,-Full%20list%20of), the volume restriction should apply only to Bitbucket Cloud, not to self-hosted runners.
However, when using a self-hosted runner, I encountered the following error:
```
Error response from daemon: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories
```
This error suggests that volume mounting is restricted, even on my self-hosted runner, where I expected no such limitations.
In my search for a workaround, I came across the suggestion to use `scp` to copy files to the server. However, I’m struggling to understand the rationale behind this security limitation, which restricts access to our own server directories.
**Question:**
- Is there a specific reason why this volume restriction is enforced even on self-hosted runners?
- Are there any recommended approaches or best practices to bypass or mitigate this restriction, aside from using `scp`?
Hey @AliReza Beigy ,
and welcome to the community!
When using docker commands inside your pipeline, the self-hosted runner will by default use the same docker-in-docker image as builds executed in Atlassian infrastructure. This means that the same security restrictions applied to a build executed in the cloud will be applied to the self-hosted runner, such as the volume restrictions you mentioned.
However, in self-hosted runners, you have the ability to specify a custom docker in docker that doesn't implement those restrictions, and this would enable you to mount volumes outside the $BITBUCKET_CLONE_DIR, run the container in privileged mode and so on.
Following is one example of how you can specify a custom docker image in your pipeline :
definitions:
services:
docker:
type: docker
image: docker:dind #defining a custom docker in docker image, instead of using atlassian's default
pipelines:
default:
- step:
runs-on:
- self.hosted
- linux
script:
- docker run -v /dev:/dev ubuntu:latest echo test #testing mounting a volume outside $BITBUCKET_CLONE_DIR
services:
- docker
You can use the YAML above as a reference and adjust according to your build requirements.
I hope that information helps! Should you have any questions, let us know!
Thank you, @AliReza Beigy !
Patrik S
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.