Forbid client piping to tty enabled container

Forbid `docker run -t` with a redirected stdin (such as `echo test | docker run -ti busybox cat`). Forbid `docker exec -t` with a redirected stdin. Forbid `docker attach` with a redirect stdin toward a tty enabled container. Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> Upstream-commit: 67e3ddb75ff27b8de0022e330413b4308ec5b010 Component: engine
2014-12-05 16:50:56 -08:00
parent b4787aa54e
commit 1d39a69298
10 changed files with 213 additions and 88 deletions
--- a/components/engine/api/client/cli.go
+++ b/components/engine/api/client/cli.go
@ -3,6 +3,7 @@ package client
 import (
 	"crypto/tls"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net"
@ -104,6 +105,16 @@ func (cli *DockerCli) LoadConfigFile() (err error) {
 	return err
 }

+func (cli *DockerCli) CheckTtyInput(attachStdin, ttyMode bool) error {
+	// In order to attach to a container tty, input stream for the client must
+	// be a tty itself: redirecting or piping the client standard input is
+	// incompatible with `docker run -t`, `docker exec -t` or `docker attach`.
+	if ttyMode && attachStdin && !cli.isTerminalIn {
+		return errors.New("cannot enable tty mode on non tty input")
+	}
+	return nil
+}
+
 func NewDockerCli(in io.ReadCloser, out, err io.Writer, key libtrust.PrivateKey, proto, addr string, tlsConfig *tls.Config) *DockerCli {
 	var (
 		inFd          uintptr