
Volume Restriction on Self-Hosted Bitbucket Runner

AliReza Beigy
August 9, 2024

Based on the information provided in the [Bitbucket Cloud documentation](https://support.atlassian.com/bitbucket-cloud/docs/run-docker-commands-in-bitbucket-pipelines/#:~:text=build%20.%0A%20%20%20%20%20%20%20%20services%3A%0A%20%20%20%20%20%20%20%20%20%20%2D%20docker-,Running%20Docker%20commands,docker%20run%20%2D%2Dmount,-Full%20list%20of), the volume restriction should apply only to Bitbucket Cloud, not to self-hosted runners.

However, when using a self-hosted runner, I encountered the following error:

```
Error response from daemon: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories
```

This error suggests that volume mounting is restricted, even on my self-hosted runner, where I expected no such limitations.

In my search for a workaround, I came across the suggestion to use `scp` to copy files to the server. However, I’m struggling to understand the rationale behind this security limitation, which restricts access to our own server directories.

**Question:**
- Is there a specific reason why this volume restriction is enforced even on self-hosted runners?
- Are there any recommended approaches or best practices to bypass or mitigate this restriction, aside from using `scp`?

1 answer

Answer accepted
Patrik S
Atlassian Team
August 13, 2024

Hey @AliReza Beigy ,

and welcome to the community!

When using docker commands inside your pipeline, the self-hosted runner will by default use the same docker-in-docker image as builds executed in Atlassian infrastructure. This means that the same security restrictions applied to a build executed in the cloud will be applied to the self-hosted runner, such as the volume restrictions you mentioned.

However, in self-hosted runners, you have the ability to specify a custom docker in docker that doesn't implement those restrictions, and this would enable you to mount volumes outside the $BITBUCKET_CLONE_DIR, run the container in privileged mode and so on.

Following is one example of how you can specify a custom docker image in your pipeline:

```yaml
definitions:
  services:
    docker:
      type: docker
      image: docker:dind # defining a custom docker in docker image, instead of using atlassian's default

pipelines:
  default:
    - step:
        runs-on:
          - self.hosted
          - linux
        script:
          - docker run -v /dev:/dev ubuntu:latest echo test # testing mounting a volume outside $BITBUCKET_CLONE_DIR
        services:
          - docker
```

You can use the YAML above as a reference and adjust according to your build requirements.

I hope that information helps! Should you have any questions, let us know!

Thank you, @AliReza Beigy !

Patrik S
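A pre-merge check for pipelines that switch to a custom docker-in-docker image, added here as an example (not code from Atlassian or from either poster): it re-applies the rule quoted in the error message, flagging `docker run` script lines that mount host paths outside `$BITBUCKET_CLONE_DIR` or use `--privileged`. The function names and every sample line except the first are assumptions made for illustration.

```python
import posixpath
import re
import shlex

# Constructed sample script lines; only the first comes from the answer above.
SAMPLE = """\
- docker run -v /dev:/dev ubuntu:latest echo test #testing mounting a volume outside $BITBUCKET_CLONE_DIR
- docker run -v $BITBUCKET_CLONE_DIR/out:/out ubuntu:latest ls /out
- docker run --privileged --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock ubuntu:latest true
- docker run -v "$BITBUCKET_CLONE_DIR/../secrets:/s" -v cache:/cache ubuntu:latest true
"""

def host_sources(tokens):
    """Yield the host side of each -v/--volume/--mount option."""
    it = iter(tokens)
    for tok in it:
        if tok in ("-v", "--volume") or tok.startswith("--volume="):
            spec = tok.split("=", 1)[1] if "=" in tok else next(it, "")
            if ":" in spec:  # "host:container"; a lone path is an anonymous volume
                yield spec.split(":")[0]
        elif tok == "--mount" or tok.startswith("--mount="):
            spec = tok.split("=", 1)[1] if "=" in tok else next(it, "")
            fields = dict(f.split("=", 1) for f in spec.split(",") if "=" in f)
            if fields.get("type", "volume") == "bind":
                yield fields.get("source") or fields.get("src", "")

def inside_clone_dir(src):
    """True if src resolves to $BITBUCKET_CLONE_DIR or below, after collapsing '..'."""
    for var in ("${BITBUCKET_CLONE_DIR}", "$BITBUCKET_CLONE_DIR"):
        src = src.replace(var, "/__CLONE__")  # sentinel stands in for the variable
    path = posixpath.normpath(src)
    return path == "/__CLONE__" or path.startswith("/__CLONE__/")

def audit(script_text):
    """Return (line_number, issue) for docker run lines that leave the clone dir or use --privileged."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        m = re.search(r"\bdocker\s+(?:container\s+)?run\b.*", line)
        if not m:
            continue
        try:
            tokens = shlex.split(m.group(0), comments=True)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = m.group(0).split()
        if "--privileged" in tokens:
            findings.append((lineno, "privileged container"))
        for src in host_sources(tokens):
            if "/" not in src and not src.startswith("$"):
                continue  # named volume, not a host path
            if not inside_clone_dir(src):
                findings.append((lineno, f"mount outside clone dir: {src}"))
    return findings
```

Running `audit` over the `script:` lines of `bitbucket-pipelines.yml` in review gives a list of the mounts that the default image would have denied, so each one can be approved deliberately.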
