From be8cea98560f4e63ff367a632539bf9f6bf929a4 Mon Sep 17 00:00:00 2001 From: unclejack Date: Thu, 17 Jul 2014 00:09:30 +0300 Subject: [PATCH] don't allow links to be used with --net=host Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- integration-cli/docker_cli_run_test.go | 14 ++++++++++++++ runconfig/parse.go | 13 +++++++++---- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index d01c00ad6b..7ad1816282 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -722,6 +722,20 @@ func TestLoopbackWhenNetworkDisabled(t *testing.T) { logDone("run - test container loopback when networking disabled") } +func TestNetHostNotAllowedWithLinks(t *testing.T) { + _, _, err := cmd(t, "run", "--name", "linked", "busybox", "true") + + cmd := exec.Command(dockerBinary, "run", "--net=host", "--link", "linked:linked", "busybox", "true") + _, _, err = runCommandWithOutput(cmd) + if err == nil { + t.Fatal("Expected error") + } + + deleteAllContainers() + + logDone("run - don't allow --net=host to be used with links") +} + func TestLoopbackOnlyExistsWhenNetworkingDisabled(t *testing.T) { cmd := exec.Command(dockerBinary, "run", "--net=none", "busybox", "ip", "-o", "-4", "a", "show", "up") out, _, err := runCommandWithOutput(cmd) diff --git a/runconfig/parse.go b/runconfig/parse.go index 3e52007544..3d583d1e8e 100644 --- a/runconfig/parse.go +++ b/runconfig/parse.go @@ -15,10 +15,11 @@ import ( ) var ( - ErrInvalidWorkingDirectory = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.") - ErrConflictAttachDetach = fmt.Errorf("Conflicting options: -a and -d") - ErrConflictDetachAutoRemove = fmt.Errorf("Conflicting options: --rm and -d") - ErrConflictNetworkHostname = fmt.Errorf("Conflicting options: -h and the network mode (--net)") + ErrInvalidWorkingDirectory = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.") + ErrConflictAttachDetach = fmt.Errorf("Conflicting options: -a and -d") + ErrConflictDetachAutoRemove = fmt.Errorf("Conflicting options: --rm and -d") + ErrConflictNetworkHostname = fmt.Errorf("Conflicting options: -h and the network mode (--net)") + ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior.") ) //FIXME Only used in tests @@ -115,6 +116,10 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf return nil, nil, cmd, ErrConflictNetworkHostname } + if *flNetMode == "host" && flLinks.Len() > 0 { + return nil, nil, cmd, ErrConflictHostNetworkAndLinks + } + // If neither -d or -a are set, attach to everything by default if flAttach.Len() == 0 && !*flDetach { if !*flDetach {