From 13f2aa70687e21159eb8ef13eb5dddb785f0e1ee Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Wed, 27 May 2015 15:31:06 +0800 Subject: [PATCH] Add --net=container with --publish --publish-all --expose error out Signed-off-by: Lei Jitang --- docs/sources/reference/run.md | 3 ++- integration-cli/docker_cli_run_test.go | 27 ++++++++++++++++++++++++++ runconfig/parse.go | 9 +++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7c5113f6de..b5a4920c54 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -319,7 +319,8 @@ With the networking mode set to `container` a container will share the network stack of another container. The other container's name must be provided in the format of `--net container:`. Note that `--add-host` `--hostname` `--dns` `--dns-search` and `--mac-address` is invalid -in `container` netmode. +in `container` netmode, and `--publish` `--publish-all` `--expose` are also +invalid in `container` netmode. Example running a Redis container with Redis binding to `localhost` then running the `redis-cli` command and connecting to the Redis server over the diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index 1c47e53dfc..ed3ef5b043 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -3186,3 +3186,30 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) { c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err) } } + +func (s *DockerSuite) TestRunContainerNetModeWithExposePort(c *check.C) { + cmd := exec.Command(dockerBinary, "run", "-d", "--name", "parent", "busybox", "top") + out, _, err := runCommandWithOutput(cmd) + if err != nil { + c.Fatalf("failed to run container: %v, output: %q", err, out) + } + + cmd = exec.Command(dockerBinary, "run", "-p", "5000:5000", "--net=container:parent", "busybox") + out, _, err = runCommandWithOutput(cmd) + if err == nil || !strings.Contains(out, "Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") { + c.Fatalf("run --net=container with -p should error out") + } + + cmd = exec.Command(dockerBinary, "run", "-P", "--net=container:parent", "busybox") + out, _, err = runCommandWithOutput(cmd) + if err == nil || !strings.Contains(out, "Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") { + c.Fatalf("run --net=container with -P should error out") + } + + cmd = exec.Command(dockerBinary, "run", "--expose", "5000", "--net=container:parent", "busybox") + out, _, err = runCommandWithOutput(cmd) + if err == nil || !strings.Contains(out, "Conflicting options: --expose and the network mode (--expose)") { + c.Fatalf("run --net=container with --expose should error out") + } + +} diff --git a/runconfig/parse.go b/runconfig/parse.go index 46ec267851..65752738b5 100644 --- a/runconfig/parse.go +++ b/runconfig/parse.go @@ -20,6 +20,8 @@ var ( ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior") ErrConflictContainerNetworkAndMac = fmt.Errorf("Conflicting options: --mac-address and the network mode (--net)") ErrConflictNetworkHosts = fmt.Errorf("Conflicting options: --add-host and the network mode (--net)") + ErrConflictNetworkPublishPorts = fmt.Errorf("Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") + ErrConflictNetworkExposePorts = fmt.Errorf("Conflicting options: --expose and the network mode (--expose)") ) func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSet, error) { @@ -143,6 +145,13 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe return nil, nil, cmd, ErrConflictContainerNetworkAndMac } + if netMode.IsContainer() && (flPublish.Len() > 0 || *flPublishAll == true) { + return nil, nil, cmd, ErrConflictNetworkPublishPorts + } + + if netMode.IsContainer() && flExpose.Len() > 0 { + return nil, nil, cmd, ErrConflictNetworkExposePorts + } // Validate the input mac address if *flMacAddress != "" { if _, err := opts.ValidateMACAddress(*flMacAddress); err != nil {