diff --git a/daemon/config.go b/daemon/config.go index e496e89e68..fbb05c3ac4 100644 --- a/daemon/config.go +++ b/daemon/config.go @@ -17,7 +17,7 @@ type CommonConfig struct { AutoRestart bool Context map[string][]string CorsHeaders string - DisableNetwork bool + DisableBridge bool Dns []string DnsSearch []string EnableCors bool diff --git a/daemon/container_linux.go b/daemon/container_linux.go index e3cd9fc829..ccab94c99c 100644 --- a/daemon/container_linux.go +++ b/daemon/container_linux.go @@ -469,7 +469,7 @@ func (container *Container) buildJoinOptions() ([]libnetwork.EndpointOption, err logrus.Error(err) } - if c != nil && !container.daemon.config.DisableNetwork && container.hostConfig.NetworkMode.IsPrivate() { + if c != nil && !container.daemon.config.DisableBridge && container.hostConfig.NetworkMode.IsPrivate() { logrus.Debugf("Update /etc/hosts of %s for alias %s with ip %s", c.ID, ref.Name, container.NetworkSettings.IPAddress) joinOptions = append(joinOptions, libnetwork.JoinOptionParentUpdate(c.NetworkSettings.EndpointID, ref.Name, container.NetworkSettings.IPAddress)) if c.NetworkSettings.EndpointID != "" { @@ -773,6 +773,11 @@ func (container *Container) secondaryNetworkRequired(primaryNetworkType string) case "bridge", "none", "host", "container": return false } + + if container.daemon.config.DisableBridge { + return false + } + if container.Config.ExposedPorts != nil && len(container.Config.ExposedPorts) > 0 { return true } @@ -803,6 +808,11 @@ func (container *Container) AllocateNetwork() error { return fmt.Errorf("conflicting options: publishing a service and network mode") } + if runconfig.NetworkMode(networkDriver).IsBridge() && container.daemon.config.DisableBridge { + container.Config.NetworkDisabled = true + return nil + } + if service == "" { // dot character "." has a special meaning to support SERVICE[.NETWORK] format. // For backward compatiblity, replacing "." with "-", instead of failing @@ -897,10 +907,6 @@ func (container *Container) initializeNetworking() error { return nil } - if container.daemon.config.DisableNetwork { - container.Config.NetworkDisabled = true - } - if container.hostConfig.NetworkMode.IsHost() { container.Config.Hostname, err = os.Hostname() if err != nil { @@ -999,7 +1005,7 @@ func (container *Container) getNetworkedContainer() (*Container, error) { } func (container *Container) ReleaseNetwork() { - if container.hostConfig.NetworkMode.IsContainer() || container.daemon.config.DisableNetwork { + if container.hostConfig.NetworkMode.IsContainer() || container.Config.NetworkDisabled { return } diff --git a/daemon/daemon.go b/daemon/daemon.go index 92d7de1aa4..0a46ce2ae3 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go @@ -561,7 +561,7 @@ func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemo } // Do we have a disabled network? - config.DisableNetwork = isNetworkDisabled(config) + config.DisableBridge = isBridgeNetworkDisabled(config) // Check that the system is supported and we have sufficient privileges if err := checkSystem(); err != nil { @@ -684,11 +684,9 @@ func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemo return nil, fmt.Errorf("Couldn't create Tag store: %s", err) } - if !config.DisableNetwork { - d.netController, err = initNetworkController(config) - if err != nil { - return nil, fmt.Errorf("Error initializing network controller: %v", err) - } + d.netController, err = initNetworkController(config) + if err != nil { + return nil, fmt.Errorf("Error initializing network controller: %v", err) } graphdbPath := filepath.Join(config.Root, "linkgraph.db") diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go index fcf583a9ca..c4410a895a 100644 --- a/daemon/daemon_unix.go +++ b/daemon/daemon_unix.go @@ -268,7 +268,7 @@ func configureSysInit(config *Config) (string, error) { return sysInitPath, nil } -func isNetworkDisabled(config *Config) bool { +func isBridgeNetworkDisabled(config *Config) bool { return config.Bridge.Iface == disableNetworkBridge } @@ -336,12 +336,22 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error) return nil, fmt.Errorf("Error creating default \"host\" network: %v", err) } - // Initialize default driver "bridge" + if !config.DisableBridge { + // Initialize default driver "bridge" + if err := initBridgeDriver(controller, config); err != nil { + return nil, err + } + } + + return controller, nil +} + +func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error { option := options.Generic{ "EnableIPForwarding": config.Bridge.EnableIPForward} if err := controller.ConfigureNetworkDriver("bridge", options.Generic{netlabel.GenericData: option}); err != nil { - return nil, fmt.Errorf("Error initializing bridge driver: %v", err) + return fmt.Errorf("Error initializing bridge driver: %v", err) } netOption := options.Generic{ @@ -356,7 +366,7 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error) if config.Bridge.IP != "" { ip, bipNet, err := net.ParseCIDR(config.Bridge.IP) if err != nil { - return nil, err + return err } bipNet.IP = ip @@ -366,7 +376,7 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error) if config.Bridge.FixedCIDR != "" { _, fCIDR, err := net.ParseCIDR(config.Bridge.FixedCIDR) if err != nil { - return nil, err + return err } netOption["FixedCIDR"] = fCIDR @@ -375,7 +385,7 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error) if config.Bridge.FixedCIDRv6 != "" { _, fCIDRv6, err := net.ParseCIDR(config.Bridge.FixedCIDRv6) if err != nil { - return nil, err + return err } netOption["FixedCIDRv6"] = fCIDRv6 @@ -395,16 +405,15 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error) } // Initialize default network on "bridge" with the same name - _, err = controller.NewNetwork("bridge", "bridge", + _, err := controller.NewNetwork("bridge", "bridge", libnetwork.NetworkOptionGeneric(options.Generic{ netlabel.GenericData: netOption, netlabel.EnableIPv6: config.Bridge.EnableIPv6, })) if err != nil { - return nil, fmt.Errorf("Error creating default \"bridge\" network: %v", err) + return fmt.Errorf("Error creating default \"bridge\" network: %v", err) } - - return controller, nil + return nil } // setupInitLayer populates a directory with mountpoints suitable diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go index 18a2f08b35..5bc8d8cba3 100644 --- a/daemon/daemon_windows.go +++ b/daemon/daemon_windows.go @@ -96,7 +96,7 @@ func configureSysInit(config *Config) (string, error) { return os.Getenv("TEMP"), nil } -func isNetworkDisabled(config *Config) bool { +func isBridgeNetworkDisabled(config *Config) bool { return false } diff --git a/integration-cli/docker_cli_daemon_test.go b/integration-cli/docker_cli_daemon_test.go index 905caa3362..9b77d918e4 100644 --- a/integration-cli/docker_cli_daemon_test.go +++ b/integration-cli/docker_cli_daemon_test.go @@ -1324,7 +1324,17 @@ func (s *DockerDaemonSuite) TestRunContainerWithBridgeNone(c *check.C) { out, err := s.d.Cmd("run", "--rm", "busybox", "ip", "l") c.Assert(err, check.IsNil, check.Commentf("Output: %s", out)) c.Assert(strings.Contains(out, "eth0"), check.Equals, false, - check.Commentf("There shouldn't be eth0 in container when network is disabled: %s", out)) + check.Commentf("There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled: %s", out)) + + out, err = s.d.Cmd("run", "--rm", "--net=bridge", "busybox", "ip", "l") + c.Assert(err, check.IsNil, check.Commentf("Output: %s", out)) + c.Assert(strings.Contains(out, "eth0"), check.Equals, false, + check.Commentf("There shouldn't be eth0 in container in bridge mode when bridge network is disabled: %s", out)) + + out, err = s.d.Cmd("run", "--rm", "--net=host", "busybox", "ip", "l") + c.Assert(err, check.IsNil, check.Commentf("Output: %s", out)) + c.Assert(strings.Contains(out, "eth0"), check.Equals, true, + check.Commentf("There should be eth0 in container when --net=host when bridge network is disabled: %s", out)) } func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {