From ed5054389aa7cd0456bfdf1d940d3cdad0313f8f Mon Sep 17 00:00:00 2001 From: Timothy Date: Mon, 16 Jun 2014 13:41:09 +0000 Subject: [PATCH] Document the potential insecurity of --net host Docker-DCO-1.1-Signed-off-by: Timothy (github: https://github.com/timthelion) --- docs/sources/articles/networking.md | 5 +++++ docs/sources/reference/run.md | 2 +- runconfig/parse.go | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/sources/articles/networking.md b/docs/sources/articles/networking.md index 44536d6441..927cd80875 100644 --- a/docs/sources/articles/networking.md +++ b/docs/sources/articles/networking.md @@ -536,6 +536,11 @@ values. **not** let the container reconfigure the host network stack — that would require `--privileged=true` — but it does let container processes open low-numbered ports like any other root process. + It also allows the container to access local network services + like D-bus. This can lead to processes in the container being + able to do unexpected things like + [restart your computer](https://github.com/dotcloud/docker/issues/6401). + You should use this option with caution. * `--net=container:NAME_or_ID` — Tells Docker to put this container's processes inside of the network stack that has already been created diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 665eac0e29..5cb050c025 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -152,7 +152,7 @@ Supported networking modes are: * none - no networking in the container * bridge - (default) connect the container to the bridge via veth interfaces -* host - use the host's network stack inside the container +* host - use the host's network stack inside the container. Note: This gives the container full access to local system services such as D-bus and is therefore considered insecure. * container - use another container's network stack #### Mode: none 
diff --git a/runconfig/parse.go b/runconfig/parse.go
index acb0b41c87..5bb065421c 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -65,7 +65,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 flWorkingDir = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container")
 flCpuShares = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
 flCpuset = cmd.String([]string{"-cpuset"}, "", "CPUs in which to allow execution (0-3, 0,1)")
-flNetMode = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:': reuses another container network stack\n'host': use the host network stack inside the contaner")
+flNetMode = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:': reuses another container network stack\n'host': use the host network stack inside the contaner. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.")
 // For documentation purpose
 _ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)")
 _ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container")
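Review bot: The rewritten `--net` help string on the `+` line keeps the pre-existing typo "contaner" and its new warning over-states the mechanism: `--net=host` shares the host's network namespace, which is what exposes host-local listeners (loopback ports and, presumably, abstract unix sockets such as a D-Bus endpoint) — it does not by itself grant "full access to local system services", and the networking.md hunk in this same patch correctly notes it still does not allow reconfiguring the host stack without `--privileged`. Since this text is shown to every user on `docker run --help`, it should say precisely what is shared so operators can judge the risk; I would replace the `'host'` entry with `'host': use the host network stack inside the container. Note: this shares the host's network namespace, so container processes can reach host-local services (e.g. loopback listeners, D-Bus); treat it as insecure`. Keeping the help text, run.md and networking.md wording consistent would also avoid three slightly different descriptions of the same caveat. The enclosing `parseRun` starts before and continues after this hunk.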