From 6205a5d616d9e71cb33ffa5438495720458d1591 Mon Sep 17 00:00:00 2001
From: Shijiang Wei <mountkin@gmail.com>
Date: Mon, 5 Sep 2016 19:36:59 +0800
Subject: [PATCH] make sure the user-provided bridge interface is a bridge

Signed-off-by: Shijiang Wei <mountkin@gmail.com>
---
 libnetwork/drivers/bridge/bridge.go         |  5 ++++-
 libnetwork/drivers/bridge/interface.go      |  6 ++++--
 libnetwork/drivers/bridge/interface_test.go | 13 +++++++++++--
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/libnetwork/drivers/bridge/bridge.go b/libnetwork/drivers/bridge/bridge.go
index e276bc7b96..6c6256a947 100644
--- a/libnetwork/drivers/bridge/bridge.go
+++ b/libnetwork/drivers/bridge/bridge.go
@@ -641,7 +641,10 @@ func (d *driver) createNetwork(config *networkConfiguration) error {
 	d.Unlock()
 
 	// Create or retrieve the bridge L3 interface
-	bridgeIface := newInterface(d.nlh, config)
+	bridgeIface, err := newInterface(d.nlh, config)
+	if err != nil {
+		return err
+	}
 	network.bridge = bridgeIface
 
 	// Verify the network configuration does not conflict with previously installed
diff --git a/libnetwork/drivers/bridge/interface.go b/libnetwork/drivers/bridge/interface.go
index 4a5dbfcbe5..16a8c7722d 100644
--- a/libnetwork/drivers/bridge/interface.go
+++ b/libnetwork/drivers/bridge/interface.go
@@ -28,7 +28,7 @@ type bridgeInterface struct {
 // an already existing device identified by the configuration BridgeName field,
 // or the default bridge name when unspecified, but doesn't attempt to create
 // one when missing
-func newInterface(nlh *netlink.Handle, config *networkConfiguration) *bridgeInterface {
+func newInterface(nlh *netlink.Handle, config *networkConfiguration) (*bridgeInterface, error) {
 	var err error
 	i := &bridgeInterface{nlh: nlh}
 
@@ -41,8 +41,10 @@ func newInterface(nlh *netlink.Handle, config *networkConfiguration) *bridgeInte
 	i.Link, err = nlh.LinkByName(config.BridgeName)
 	if err != nil {
 		logrus.Debugf("Did not find any interface with name %s: %v", config.BridgeName, err)
+	} else if _, ok := i.Link.(*netlink.Bridge); !ok {
+		return nil, fmt.Errorf("existing interface %s is not a bridge", i.Link.Attrs().Name)
 	}
-	return i
+	return i, nil
 }
 
 // exists indicates if the existing bridge interface exists on the system.
diff --git a/libnetwork/drivers/bridge/interface_test.go b/libnetwork/drivers/bridge/interface_test.go
index 48b479ca49..0e7dec3b5a 100644
--- a/libnetwork/drivers/bridge/interface_test.go
+++ b/libnetwork/drivers/bridge/interface_test.go
@@ -15,7 +15,12 @@ func TestInterfaceDefaultName(t *testing.T) {
 		t.Fatal(err)
 	}
 	config := &networkConfiguration{}
-	if _ = newInterface(nh, config); config.BridgeName != DefaultBridgeName {
+	_, err = newInterface(nh, config)
+	if err != nil {
+		t.Fatalf("newInterface() failed: %v", err)
+	}
+
+	if config.BridgeName != DefaultBridgeName {
 		t.Fatalf("Expected default interface name %q, got %q", DefaultBridgeName, config.BridgeName)
 	}
 }
@@ -27,7 +32,11 @@ func TestAddressesEmptyInterface(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	inf := newInterface(nh, &networkConfiguration{})
+	inf, err := newInterface(nh, &networkConfiguration{})
+	if err != nil {
+		t.Fatalf("newInterface() failed: %v", err)
+	}
+
 	addrv4, addrsv6, err := inf.addresses()
 	if err != nil {
 		t.Fatalf("Failed to get addresses of default interface: %v", err)