kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #7066 from unclejack/disallow_links_with_nethost

Browse source 
don't allow links to be used with --net=host
This commit is contained in:
Victor Vieux 2014-07-16 16:21:13 -07:00
commit 6cd1061a5b
2 changed files with 23 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
integration-cli/docker_cli_run_test.go
View file

@ -722,6 +722,20 @@ func TestLoopbackWhenNetworkDisabled(t *testing.T) {
logDone("run - test container loopback when networking disabled")
}
func TestNetHostNotAllowedWithLinks(t *testing.T) {
_, _, err := cmd(t, "run", "--name", "linked", "busybox", "true")
cmd := exec.Command(dockerBinary, "run", "--net=host", "--link", "linked:linked", "busybox", "true")
_, _, err = runCommandWithOutput(cmd)
if err == nil {
t.Fatal("Expected error")
}
deleteAllContainers()
logDone("run - don't allow --net=host to be used with links")
}
func TestLoopbackOnlyExistsWhenNetworkingDisabled(t *testing.T) {
cmd := exec.Command(dockerBinary, "run", "--net=none", "busybox", "ip", "-o", "-4", "a", "show", "up")
out, _, err := runCommandWithOutput(cmd)

13
runconfig/parse.go
View file

@ -15,10 +15,11 @@ import (
)
var (
ErrInvalidWorkingDirectory = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.")
ErrConflictAttachDetach = fmt.Errorf("Conflicting options: -a and -d")
ErrConflictDetachAutoRemove = fmt.Errorf("Conflicting options: --rm and -d")
ErrConflictNetworkHostname = fmt.Errorf("Conflicting options: -h and the network mode (--net)")
ErrInvalidWorkingDirectory = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.")
ErrConflictAttachDetach = fmt.Errorf("Conflicting options: -a and -d")
ErrConflictDetachAutoRemove = fmt.Errorf("Conflicting options: --rm and -d")
ErrConflictNetworkHostname = fmt.Errorf("Conflicting options: -h and the network mode (--net)")
ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior.")
)
//FIXME Only used in tests
@ -115,6 +116,10 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
return nil, nil, cmd, ErrConflictNetworkHostname
}
if *flNetMode == "host" && flLinks.Len() > 0 {
return nil, nil, cmd, ErrConflictHostNetworkAndLinks
}
// If neither -d or -a are set, attach to everything by default
if flAttach.Len() == 0 && !*flDetach {
if !*flDetach {