1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

15 commits

Author SHA1 Message Date
Sebastiaan van Stijn
ecbfe73193
opts: ParseTCPAddr(): fix validation of hosts to not ignore path elements
There was a discrepancy between what `ParseTCPAddr()` accepted, and what the
daemon was able to use, resulting in the daemon to start, but fail to create
listeners for the specified host.

Before this patch:

    dockerd -H tcp://127.0.0.1:2375/
    INFO[2022-04-03T10:18:06.417502600Z] Starting up
    ...
    failed to load listeners: listen tcp: address tcp/2375/: unknown port

    dockerd -H 127.0.0.1:2375/path
    INFO[2022-04-03T10:18:06.417502600Z] Starting up
    ...
    failed to load listeners: listen tcp: address tcp/5555/path: unknown port

After this patch:

    dockerd -H tcp://127.0.0.1:2375/
    Status: invalid argument "tcp://127.0.0.1:2375/" for "-H, --host" flag: invalid bind address (127.0.0.1:2375/): should not contain a path element
    See 'dockerd --help'., Code: 125

    dockerd -H 127.0.0.1:2375/path
    Status: invalid argument "127.0.0.1:2375/path" for "-H, --host" flag: invalid bind address (127.0.0.1:2375/path): should not contain a path element
    See 'dockerd --help'., Code: 125

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 12:50:45 +02:00
Sebastiaan van Stijn
053962af92
Move HostGatewayName const to opts, and change vars to consts
This prevents consumers of the opts package to also having to
depend on daemon/network, and everything related.

We can probably change some of the other constants to strings,
for easier concatenating, and need to review the windows-specific
"127.0.0.1" (instead of "localhost"), which may no longer be
needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-30 21:17:34 +01:00
Arko Dasgupta
92e809a680 Support host.docker.internal in dockerd on Linux
Docker Desktop (on MAC and Windows hosts) allows containers
running inside a Linux VM to connect to the host using
the host.docker.internal DNS name, which is implemented by
VPNkit (DNS proxy on the host)

This PR allows containers to connect to Linux hosts
by appending a special string "host-gateway" to --add-host
e.g. "--add-host=host.docker.internal:host-gateway" which adds
host.docker.internal DNS entry in /etc/hosts and maps it to host-gateway-ip

This PR also add a daemon flag call host-gateway-ip which defaults to
the default bridge IP
Docker Desktop will need to set this field to the Host Proxy IP
so DNS requests for host.docker.internal can be routed to VPNkit

Addresses: https://github.com/docker/for-linux/issues/264

Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
2020-01-22 13:30:00 -08:00
Akihiro Suda
3518383ed9 dockerd: fix rootless detection (alternative to #39024)
The `--rootless` flag had a couple of issues:
* #38702: euid=0, $USER="root" but no access to cgroup ("rootful" Docker in rootless Docker)
* #39009: euid=0 but $USER="docker" (rootful boot2docker)

To fix #38702, XDG dirs are ignored as in rootful Docker, unless the
dockerd is directly running under RootlessKit namespaces.

RootlessKit detection is implemented by checking whether `$ROOTLESSKIT_STATE_DIR` is set.

To fix #39009, the non-robust `$USER` check is now completely removed.

The entire logic can be illustrated as follows:

```
withRootlessKit := getenv("ROOTLESSKIT_STATE_DIR")
rootlessMode := withRootlessKit || cliFlag("--rootless")
honorXDG := withRootlessKit
useRootlessKitDockerProxy := withRootlessKit
removeCgroupSpec := rootlessMode
adjustOOMScoreAdj := rootlessMode
```

Close #39024
Fix #38702 #39009

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-04-25 16:47:01 +09:00
Akihiro Suda
ec87479b7e allow running dockerd in an unprivileged user namespace (rootless mode)
Please refer to `docs/rootless.md`.

TLDR:
 * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you
 * `dockerd-rootless.sh --experimental`
 * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...`

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-04 00:24:27 +09:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Vincent Demeester
de5c80b4f3
Remove Docker from some functions
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-25 14:39:51 +02:00
Vincent Demeester
6129e6ce3e Merge pull request #29697 from yuexiao-wang/fix-docker-daemon
Update docker daemon to dockerd
2017-01-04 11:55:38 +01:00
yuexiao-wang
62cc802f61 Update docker daemon to dockerd
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-27 17:32:15 +08:00
Vincent Demeester
c424be21b7
Clean some stuff from runconfig that are cli only…
… or could be in `opts` package. Having `runconfig/opts` and `opts`
doesn't really make sense and make it difficult to know where to put
some code.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-24 13:16:00 +01:00
yuexiao-wang
113cae5ba2 Change tls to TLS
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-20 22:08:07 +08:00
Tonis Tiigi
0a4a0d9800 Fix opts tests after default port fix
The code for default port was already there but
it didn’t work because split function errored out
before. This should be the desired behavior that
matches daemon listen address with swarm listen
address.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-06-21 17:14:55 -07:00
Tonis Tiigi
fb3eb1c27e Unify swarm init and update options
Add api side validation and defaults for init and
join requests.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-06-21 16:34:32 -07:00
John Starks
0906195fbb Windows: Add support for named pipe protocol
This adds an npipe protocol option for Windows hosts, akin to unix
sockets for Linux hosts. This should become the default transport
for Windows, but this change does not yet do that.

It also does not add support for the client side yet since that
code is in engine-api, which will have to be revendored separately.

Signed-off-by: John Starks <jostarks@microsoft.com>
2016-02-01 19:46:30 -08:00
Daniel Nephin
9b99591054 Move ParseDockerDaemonHost to opts/ package.
This function was only being used from a single place opts/opts.go. This
change moves it from a incohesive package (parsers) to the single place it
is used.

Also made a bunch of the helper methods private because they are not used
by any external modules.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-15 20:53:17 -05:00