Turbo Client Security
There are several ways to control how containers can be run on your machine.
Trusted sources control which hub locations are allowed to have containers be started from web locations. By default, only https://turbo.net is trusted. A new hub can be added to the list with
turbo config --add-trusted-source=[hub-authority].
Any untrusted hub will result in a warning dialog that will ask the user if the container execution is desired. The user will have the option to trust future containers from the location.
A hub location can also be blocked which will prevent users from executing containers from those locations. A hub source can be blocked with
turbo config --block-trusted-source=[hub-authority].
The trusted sources can be set for all users on the machine with the --all-users flag. These will either set the defaults or the overrides depending on how the shared settings are configured.
# view current trusted sources > turbo config Hub server: https://turbo.net/ Turbo Drive is enabled (mounted as a T: drive) Trusted Hub Sources: turbo.net # add a trusted hub > turbo config --add-trusted-source=my-hub.com Hub server: https://turbo.net/ Turbo Drive is enabled (mounted as a T: drive) Trusted Hub Sources: turbo.net my-hub.com # block a hub > turbo config --block-trusted-source=dangerous-hub.net Hub server: https://turbo.net/ Turbo Drive is enabled (mounted as a T: drive) Trusted Hub Sources: turbo.net my-hub.com Blocked Hub Sources: dangerous-hub.net
Local Resource Requests
Containers which are executed remotely may require access to local resources (such as local network). If the container requires access but is not allowed globally then a security dialog will be shown to request permission.
To allow access to the local network automatically, use
turbo config --enable=LocalNetworkAccess.