diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index db0a7d5def..084af75c02 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -319,7 +319,8 @@ With the networking mode set to `container` a container will share the network stack of another container. The other container's name must be provided in the format of `--net container:`. Note that `--add-host` `--hostname` `--dns` `--dns-search` and `--mac-address` is invalid -in `container` netmode. +in `container` netmode, and `--publish` `--publish-all` `--expose` are also +invalid in `container` netmode. Example running a Redis container with Redis binding to `localhost` then running the `redis-cli` command and connecting to the Redis server over the diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index 06a978ad24..1ec776ecc0 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -3177,3 +3177,30 @@ func (s *DockerSuite) TestDevicePermissions(c *check.C) { c.Fatalf("output should begin with %q, got %q", permissions, out) } } + +func (s *DockerSuite) TestRunContainerNetModeWithExposePort(c *check.C) { + cmd := exec.Command(dockerBinary, "run", "-d", "--name", "parent", "busybox", "top") + out, _, err := runCommandWithOutput(cmd) + if err != nil { + c.Fatalf("failed to run container: %v, output: %q", err, out) + } + + cmd = exec.Command(dockerBinary, "run", "-p", "5000:5000", "--net=container:parent", "busybox") + out, _, err = runCommandWithOutput(cmd) + if err == nil || !strings.Contains(out, "Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") { + c.Fatalf("run --net=container with -p should error out") + } + + cmd = exec.Command(dockerBinary, "run", "-P", "--net=container:parent", "busybox") + out, _, err = runCommandWithOutput(cmd) + if err == nil || !strings.Contains(out, "Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") { + c.Fatalf("run --net=container with -P should error out") + } + + cmd = exec.Command(dockerBinary, "run", "--expose", "5000", "--net=container:parent", "busybox") + out, _, err = runCommandWithOutput(cmd) + if err == nil || !strings.Contains(out, "Conflicting options: --expose and the network mode (--expose)") { + c.Fatalf("run --net=container with --expose should error out") + } + +} diff --git a/runconfig/parse.go b/runconfig/parse.go index d5dfc8e66e..3ea48a5a3b 100644 --- a/runconfig/parse.go +++ b/runconfig/parse.go @@ -20,6 +20,8 @@ var ( ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior") ErrConflictContainerNetworkAndMac = fmt.Errorf("Conflicting options: --mac-address and the network mode (--net)") ErrConflictNetworkHosts = fmt.Errorf("Conflicting options: --add-host and the network mode (--net)") + ErrConflictNetworkPublishPorts = fmt.Errorf("Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") + ErrConflictNetworkExposePorts = fmt.Errorf("Conflicting options: --expose and the network mode (--expose)") ) func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSet, error) { @@ -143,6 +145,13 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe return nil, nil, cmd, ErrConflictContainerNetworkAndMac } + if netMode.IsContainer() && (flPublish.Len() > 0 || *flPublishAll == true) { + return nil, nil, cmd, ErrConflictNetworkPublishPorts + } + + if netMode.IsContainer() && flExpose.Len() > 0 { + return nil, nil, cmd, ErrConflictNetworkExposePorts + } // Validate the input mac address if *flMacAddress != "" { if _, err := opts.ValidateMACAddress(*flMacAddress); err != nil {