Merge pull request #1464 from dotcloud/bump_0.5.2

Bump to 0.5.2
This commit is contained in:
Michael Crosby 2013-08-08 17:36:53 -07:00
Родитель 8a851af5e6 e99a99eb6e
Коммит 1643943402
8 изменённых файлов: 66 добавлений и 9 удалений

Просмотреть файл

@ -1,5 +1,10 @@
# Changelog
## 0.5.2 (2013-08-08)
* Builder: Forbid certain paths within docker build ADD
- Runtime: Change network range to avoid conflict with EC2 DNS
* API: Change daemon to listen on unix socket by default
## 0.5.1 (2013-07-30)
+ API: Docker client now sets useragent (RFC 2616)
+ Runtime: Add `ps` args to `docker top`

8
api.go
Просмотреть файл

@ -18,8 +18,9 @@ import (
)
const APIVERSION = 1.4
const DEFAULTHTTPHOST string = "127.0.0.1"
const DEFAULTHTTPPORT int = 4243
const DEFAULTHTTPHOST = "127.0.0.1"
const DEFAULTHTTPPORT = 4243
const DEFAULTUNIXSOCKET = "/var/run/docker.sock"
func hijackServer(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
conn, _, err := w.(http.Hijacker).Hijack()
@ -972,9 +973,8 @@ func ListenAndServe(proto, addr string, srv *Server, logging bool) error {
if e != nil {
return e
}
//as the daemon is launched as root, change to permission of the socket to allow non-root to connect
if proto == "unix" {
os.Chmod(addr, 0777)
os.Chmod(addr, 0700)
}
httpSrv := http.Server{Addr: addr, Handler: r}
return httpSrv.Serve(l)

Просмотреть файл

@ -273,6 +273,9 @@ func (b *buildFile) addContext(container *Container, orig, dest string) error {
if strings.HasSuffix(dest, "/") {
destPath = destPath + "/"
}
if !strings.HasPrefix(origPath, b.context) {
return fmt.Errorf("Forbidden path: %s", origPath)
}
fi, err := os.Stat(origPath)
if err != nil {
return err

Просмотреть файл

@ -325,3 +325,52 @@ func TestBuildEntrypoint(t *testing.T) {
if img.Config.Entrypoint[0] != "/bin/echo" {
}
}
func TestForbiddenContextPath(t *testing.T) {
runtime, err := newTestRuntime()
if err != nil {
t.Fatal(err)
}
defer nuke(runtime)
srv := &Server{
runtime: runtime,
pullingPool: make(map[string]struct{}),
pushingPool: make(map[string]struct{}),
}
context := testContextTemplate{`
from {IMAGE}
maintainer dockerio
add ../../ test/
`,
[][2]string{{"test.txt", "test1"}, {"other.txt", "other"}}, nil}
httpServer, err := mkTestingFileServer(context.remoteFiles)
if err != nil {
t.Fatal(err)
}
defer httpServer.Close()
idx := strings.LastIndex(httpServer.URL, ":")
if idx < 0 {
t.Fatalf("could not get port from test http server address %s", httpServer.URL)
}
port := httpServer.URL[idx+1:]
ip := srv.runtime.networkManager.bridgeNetwork.IP
dockerfile := constructDockerfile(context.dockerfile, ip, port)
buildfile := NewBuildFile(srv, ioutil.Discard, false)
_, err = buildfile.Build(mkTestContext(dockerfile, context.files, t))
if err == nil {
t.Log("Error should not be nil")
t.Fail()
}
if err.Error() != "Forbidden path: /" {
t.Logf("Error message is not expected: %s", err.Error())
t.Fail()
}
}

Просмотреть файл

@ -27,7 +27,7 @@ import (
"unicode"
)
const VERSION = "0.5.1"
const VERSION = "0.5.2"
var (
GITCOMMIT string

Просмотреть файл

@ -33,7 +33,7 @@ func main() {
flGraphPath := flag.String("g", "/var/lib/docker", "Path to graph storage base dir.")
flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.")
flDns := flag.String("dns", "", "Set custom dns servers")
flHosts := docker.ListOpts{fmt.Sprintf("tcp://%s:%d", docker.DEFAULTHTTPHOST, docker.DEFAULTHTTPPORT)}
flHosts := docker.ListOpts{fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)}
flag.Var(&flHosts, "H", "tcp://host:port to bind/connect to or unix://path/to/socket to use")
flag.Parse()
if len(flHosts) > 1 {

Просмотреть файл

@ -15,7 +15,7 @@ Docker Remote API
=====================
- The Remote API is replacing rcli
- Default port in the docker deamon is 4243
- By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon
- The API tends to be REST, but for some complex commands, like attach
or pull, the HTTP connection is hijacked to transport stdout stdin
and stderr

Просмотреть файл

@ -122,7 +122,7 @@ func CreateBridgeIface(ifaceName string) error {
// In theory this shouldn't matter - in practice there's bound to be a few scripts relying
// on the internal addressing or other stupid things like that.
// The shouldn't, but hey, let's not break them unless we really have to.
"172.16.42.1/16",
"172.17.42.1/16", // Don't use 172.16.0.0/16, it conflicts with EC2 DNS 172.16.0.23
"10.0.42.1/16", // Don't even try using the entire /8, that's too intrusive
"10.1.42.1/16",
"10.42.42.1/16",