microsoft
/
docker
зеркало из https://github.com/microsoft/docker.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Prevent connecting to host and prevent disconnecting from host 

Container has private network namespace can not to connect to host
and container with host network can not be disconnected from host.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
This commit is contained in:
Lei Jitang 2015-11-09 10:19:53 +08:00
Родитель 1eafc7264c
Коммит a2d8c93fc6
3 изменённых файлов: 28 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

8
daemon/container_unix.go
Просмотреть файл

@ -720,6 +720,10 @@ func (daemon *Daemon) updateNetworkSettings(container *Container, n libnetwork.N
container.NetworkSettings = &network.Settings{Networks: make(map[string]*network.EndpointSettings)}
}
if !container.hostConfig.NetworkMode.IsHost() && runconfig.NetworkMode(n.Type()).IsHost() {
return runconfig.ErrConflictHostNetwork
}
for s := range container.NetworkSettings.Networks {
sn, err := daemon.FindNetwork(s)
if err != nil {
@ -1174,6 +1178,10 @@ func (container *Container) DisconnectFromNetwork(n libnetwork.Network) error {
return derr.ErrorCodeNotRunning.WithArgs(container.ID)
}
if container.hostConfig.NetworkMode.IsHost() && runconfig.NetworkMode(n.Type()).IsHost() {
return runconfig.ErrConflictHostNetwork
}
if err := container.disconnectFromNetwork(n); err != nil {
return err
}

18
integration-cli/docker_cli_network_unix_test.go
Просмотреть файл

@ -15,6 +15,7 @@ import (
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/versions/v1p20"
"github.com/docker/docker/pkg/integration/checker"
"github.com/docker/docker/runconfig"
"github.com/docker/libnetwork/driverapi"
remoteapi "github.com/docker/libnetwork/drivers/remote/api"
"github.com/docker/libnetwork/ipamapi"
@ -764,3 +765,20 @@ func (s *DockerNetworkSuite) TestDockerNetworkHostModeUngracefulDaemonRestart(c
c.Assert(strings.TrimSpace(runningOut), checker.Equals, "true")
}
}
func (s *DockerNetworkSuite) TestDockerNetworkConnectToHostFromOtherNetwork(c *check.C) {
dockerCmd(c, "run", "-d", "--name", "container1", "busybox", "top")
c.Assert(waitRun("container1"), check.IsNil)
dockerCmd(c, "network", "disconnect", "bridge", "container1")
out, _, err := dockerCmdWithError("network", "connect", "host", "container1")
c.Assert(err, checker.NotNil, check.Commentf(out))
c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetwork.Error())
}
func (s *DockerNetworkSuite) TestDockerNetworkDisconnectFromHost(c *check.C) {
dockerCmd(c, "run", "-d", "--name", "container1", "--net=host", "busybox", "top")
c.Assert(waitRun("container1"), check.IsNil)
out, _, err := dockerCmdWithError("network", "disconnect", "host", "container1")
c.Assert(err, checker.NotNil, check.Commentf("Should err out disconnect from host"))
c.Assert(out, checker.Contains, runconfig.ErrConflictHostNetwork.Error())
}

2
runconfig/parse.go
Просмотреть файл

@ -22,6 +22,8 @@ var (
ErrConflictUserDefinedNetworkAndLinks = fmt.Errorf("Conflicting options: --net=<NETWORK> can't be used with links. This would result in undefined behavior")
// ErrConflictSharedNetwork conflict between private and other networks
ErrConflictSharedNetwork = fmt.Errorf("Container sharing network namespace with another container or host cannot be connected to any other network")
// ErrConflictHostNetwork conflict from being disconnected from host network or connected to host network.
ErrConflictHostNetwork = fmt.Errorf("Container cannot be disconnected from host network or connected to host network")
// ErrConflictNoNetwork conflict between private and other networks
ErrConflictNoNetwork = fmt.Errorf("Container cannot be connected to multiple networks with one of the networks in --none mode")
// ErrConflictNetworkAndDNS conflict between --dns and the network mode