From 049966bdc2fe54ed3327b55268214e62c8bce8c7 Mon Sep 17 00:00:00 2001
From: Grant Millar <rid@cylo.io>
Date: Wed, 28 Aug 2019 18:59:49 +0100
Subject: [PATCH] Shorten controller ID in exec-root to not hit UNIX_PATH_MAX

Signed-off-by: Grant Millar <rid@cylo.io>
---
 libnetwork/sandbox_externalkey_unix.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/libnetwork/sandbox_externalkey_unix.go b/libnetwork/sandbox_externalkey_unix.go
index 5006583c5b..d0f60deda7 100644
--- a/libnetwork/sandbox_externalkey_unix.go
+++ b/libnetwork/sandbox_externalkey_unix.go
@@ -12,6 +12,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/libnetwork/types"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
@@ -24,7 +25,7 @@ const (
 )
 
 // processSetKeyReexec is a private function that must be called only on an reexec path
-// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <controller-id> }
+// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <short-controller-id> }
 // It also expects specs.State as a json string in <stdin>
 // Refer to https://github.com/opencontainers/runc/pull/160/ for more information
 // The docker exec-root can be specified as "-exec-root" flag. The default value is "/run/docker".
@@ -41,14 +42,14 @@ func processSetKeyReexec() {
 	execRoot := flag.String("exec-root", defaultExecRoot, "docker exec root")
 	flag.Parse()
 
-	// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<controller-id> }
+	// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<short-controller-id> }
 	// (i.e. expecting 2 flag.Args())
 	args := flag.Args()
 	if len(args) < 2 {
 		err = fmt.Errorf("Re-exec expects 2 args (after parsing flags), received : %d", len(args))
 		return
 	}
-	containerID, controllerID := args[0], args[1]
+	containerID, shortCtlrID := args[0], args[1]
 
 	// We expect specs.State as a json string in <stdin>
 	stateBuf, err := ioutil.ReadAll(os.Stdin)
@@ -60,16 +61,16 @@ func processSetKeyReexec() {
 		return
 	}
 
-	err = SetExternalKey(controllerID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
+	err = SetExternalKey(shortCtlrID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
 }
 
 // SetExternalKey provides a convenient way to set an External key to a sandbox
-func SetExternalKey(controllerID string, containerID string, key string, execRoot string) error {
+func SetExternalKey(shortCtlrID string, containerID string, key string, execRoot string) error {
 	keyData := setKeyData{
 		ContainerID: containerID,
 		Key:         key}
 
-	uds := filepath.Join(execRoot, execSubdir, controllerID+".sock")
+	uds := filepath.Join(execRoot, execSubdir, shortCtlrID+".sock")
 	c, err := net.Dial("unix", uds)
 	if err != nil {
 		return err
@@ -120,7 +121,8 @@ func (c *controller) startExternalKeyListener() error {
 	if err := os.MkdirAll(udsBase, 0600); err != nil {
 		return err
 	}
-	uds := filepath.Join(udsBase, c.id+".sock")
+	shortCtlrID := stringid.TruncateID(c.id)
+	uds := filepath.Join(udsBase, shortCtlrID+".sock")
 	l, err := net.Listen("unix", uds)
 	if err != nil {
 		return err