From f8a909f0915983b7e16a55abffee858e567ff6d7 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Thu, 3 Sep 2020 20:38:04 +0200
Subject: [PATCH] Allow daemon side entitlements by default

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 README.md      | 2 +-
 action.yml     | 1 +
 dist/index.js  | 3 ++-
 src/context.ts | 4 +++-
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 434ac14..baa42ed 100644
--- a/README.md
+++ b/README.md
@@ -131,7 +131,7 @@ Following inputs can be used as `step.with` keys
 | `version`          | String  | [Buildx](https://github.com/docker/buildx) version. (e.g. `v0.3.0`, `latest`) |
 | `driver`           | String  | Sets the [builder driver](https://github.com/docker/buildx#--driver-driver) to be used (default `docker-container`) |
 | `driver-opts`      | CSV     | List of additional [driver-specific options](https://github.com/docker/buildx#--driver-opt-options) |
-| `buildkitd-flags`  | String  | [Flags for buildkitd](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) daemon |
+| `buildkitd-flags`  | String  | [Flags for buildkitd](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) daemon (default `--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host`) |
 | `install`          | Bool    | Sets up `docker build` command as an alias to `docker buildx` (default `false`) |
 | `use`              | Bool    | Switch to this builder instance (default `true`) |
 
diff --git a/action.yml b/action.yml
index 369c8f3..c50254a 100644
--- a/action.yml
+++ b/action.yml
@@ -19,6 +19,7 @@ inputs:
     required: false
   buildkitd-flags:
     description: 'Flags for buildkitd daemon'
+    default: '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host'
     required: false
   install:
     description: 'Sets up docker build command as an alias to docker buildx'
diff --git a/dist/index.js b/dist/index.js
index db03322..c07d16f 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -6528,7 +6528,8 @@ function getInputs() {
             version: core.getInput('version'),
             driver: core.getInput('driver') || 'docker-container',
             driverOpts: yield getInputList('driver-opts', true),
-            buildkitdFlags: core.getInput('buildkitd-flags'),
+            buildkitdFlags: core.getInput('buildkitd-flags') ||
+                '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
             install: /true/i.test(core.getInput('install')),
             use: /true/i.test(core.getInput('use'))
         };
diff --git a/src/context.ts b/src/context.ts
index c2af0f3..b8a3d9b 100644
--- a/src/context.ts
+++ b/src/context.ts
@@ -17,7 +17,9 @@ export async function getInputs(): Promise<Inputs> {
     version: core.getInput('version'),
     driver: core.getInput('driver') || 'docker-container',
     driverOpts: await getInputList('driver-opts', true),
-    buildkitdFlags: core.getInput('buildkitd-flags'),
+    buildkitdFlags:
+      core.getInput('buildkitd-flags') ||
+      '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
     install: /true/i.test(core.getInput('install')),
     use: /true/i.test(core.getInput('use'))
   };