From 6e78fdb790d2e1dbf95a1733cab9395b1b936622 Mon Sep 17 00:00:00 2001
From: Boaz Shuster
Date: Wed, 15 Nov 2017 16:44:49 +0200
Subject: [PATCH] Display a warn message when there is binding ports and net mode is host When a container is created if "--network" is set to "host" all the ports in the container are bound to the host. Thus, adding "-p" or "--publish" to the command-line is meaningless. Unlike "docker run" and "docker create", "docker service create" sends an error message when network mode is host and port bindings are given This patch however suggests to send a warning message to the client when such a case occurs. The warning message is added to "warnings" which are returned from "verifyPlatformContainerSettings".
Signed-off-by: Boaz Shuster
---
 daemon/container.go | 12 +++++++++-
 daemon/container_unix_test.go | 44 +++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 daemon/container_unix_test.go
diff --git a/daemon/container.go b/daemon/container.go
index 26faedfdf9..6b65e829c1 100644
--- a/daemon/container.go
+++ b/daemon/container.go
@@ -333,6 +333,16 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta
 return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
 }
+ var (
+ err error
+ warnings []string
+ )
 // Now do platform-specific verification
- return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
+ if warnings, err = verifyPlatformContainerSettings(daemon, hostConfig, config, update); err != nil {
+ return warnings, err
+ }
+ if hostConfig.NetworkMode.IsHost() && len(hostConfig.PortBindings) > 0 {
+ warnings = append(warnings, "Published ports are discarded when using host network mode")
+ }
+ return warnings, err
 }
diff --git a/daemon/container_unix_test.go b/daemon/container_unix_test.go
new file mode 100644
index 0000000000..e102be6cdc
--- /dev/null
+++ b/daemon/container_unix_test.go
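Review bot: The warning appended after the platform check says only that published ports are discarded, but under host networking every port the container listens on is reachable on the host's interfaces, so a binding the operator meant as a restriction (for example one carrying a host IP) is dropped without that consequence being stated. Consider wording it as `"Published ports are discarded when using host network mode; container ports are exposed directly on the host"` and updating the expected string in the new test to match. Separately, `err` is always nil at the final `return warnings, err`, so `warnings, err := verifyPlatformContainerSettings(daemon, hostConfig, config, update)` followed by `return warnings, nil` would make that explicit and remove the `var` block. The body of verifyContainerSettings starts above this hunk.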
@@ -0,0 +1,44 @@
+// +build linux freebsd
+
+package daemon
+
+import (
+ "testing"
+
+ "github.com/docker/docker/api/types"
+ containertypes "github.com/docker/docker/api/types/container"
+ "github.com/docker/docker/daemon/config"
+ "github.com/docker/go-connections/nat"
+ "github.com/stretchr/testify/require"
+)
+
+// TestContainerWarningHostAndPublishPorts that a warning is returned when setting network mode to host and specifying published ports.
+// This should not be tested on Windows because Windows doesn't support "host" network mode.
+func TestContainerWarningHostAndPublishPorts(t *testing.T) {
+ testCases := []struct {
+ ports nat.PortMap
+ warnings []string
+ }{
+ {ports: nat.PortMap{}},
+ {ports: nat.PortMap{
+ "8080": []nat.PortBinding{{HostPort: "8989"}},
+ }, warnings: []string{"Published ports are discarded when using host network mode"}},
+ }
+
+ for _, tc := range testCases {
+ hostConfig := &containertypes.HostConfig{
+ Runtime: "runc",
+ NetworkMode: "host",
+ PortBindings: tc.ports,
+ }
+ cs := &config.Config{
+ CommonUnixConfig: config.CommonUnixConfig{
+ Runtimes: map[string]types.Runtime{"runc": {}},
+ },
+ }
+ d := &Daemon{configStore: cs}
+ wrns, err := d.verifyContainerSettings("", hostConfig, &containertypes.Config{}, false)
+ require.NoError(t, err)
+ require.Equal(t, tc.warnings, wrns)
+ }
+}
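Review bot: The table varies only the port map while `NetworkMode` is fixed to "host", so nothing asserts that published ports without host networking produce no such warning; a change that dropped the `IsHost()` half of the condition would still pass. Adding a network-mode field to the case struct, plus a case that pairs a non-host mode with a non-empty `nat.PortMap`, would cover it. verifyPlatformContainerSettings is outside this diff and may add warnings of its own for that case, so asserting that the host-mode message is absent is safer there than exact equality. The doc comment is also missing its verb: `// TestContainerWarningHostAndPublishPorts verifies that a warning is returned when ...`.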