Allocate daemon listening ports

Mark the daemon listening ports as allocated in the portallocator in
order to prevent containers from exposing these ports themselves.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: 7c225333f22378e380309bd0c3afc1b3311b1373
Component: engine
Arnaud Porterie
2014-11-14 20:38:02 -08:00
parent 18dd4cded4
commit f04fedef6e
2 changed files with 62 additions and 0 deletions


@ -27,6 +27,7 @@ import (
log "github.com/Sirupsen/logrus"
"github.com/docker/docker/api"
"github.com/docker/docker/daemon/networkdriver/portallocator"
"github.com/docker/docker/engine"
"github.com/docker/docker/pkg/listenbuffer"
"github.com/docker/docker/pkg/parsers"
@ -1493,6 +1494,32 @@ func setupUnixHttp(addr string, job *engine.Job) (*HttpServer, error) {
return &HttpServer{&http.Server{Addr: addr, Handler: r}, l}, nil
}
func allocateDaemonPort(addr string) error {
host, port, err := net.SplitHostPort(addr)
if err != nil {
return err
}
intPort, err := strconv.Atoi(port)
if err != nil {
return err
}
var hostIPs []net.IP
if parsedIP := net.ParseIP(host); parsedIP != nil {
hostIPs = append(hostIPs, parsedIP)
} else if hostIPs, err = net.LookupIP(host); err != nil {
return fmt.Errorf("failed to lookup %s address in host specification", host)
}
for _, hostIP := range hostIPs {
if _, err := portallocator.RequestPort(hostIP, "tcp", intPort); err != nil {
return fmt.Errorf("failed to allocate daemon listening port %d (err: %v)", intPort, err)
}
}
return nil
}
func setupTcpHttp(addr string, job *engine.Job) (*HttpServer, error) {
if !strings.HasPrefix(addr, "127.0.0.1") && !job.GetenvBool("TlsVerify") {
log.Infof("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
@ -1508,6 +1535,10 @@ func setupTcpHttp(addr string, job *engine.Job) (*HttpServer, error) {
return nil, err
}
if err := allocateDaemonPort(addr); err != nil {
return nil, err
}
if job.GetenvBool("Tls") || job.GetenvBool("TlsVerify") {
var tlsCa string
if job.GetenvBool("TlsVerify") {
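Review bot: In `allocateDaemonPort` the reservation is made only for the exact addresses returned by `net.ParseIP`/`net.LookupIP` and only for `"tcp"`, so how well it protects the daemon port depends on how the portallocator matches addresses. If reservations are keyed per IP (not visible in this section), a daemon listening on a wildcard address would not stop a container from publishing the same port on a specific host IP; that case is worth confirming in portallocator and covering with a test. Separately, the `net.LookupIP` branch discards the underlying error, so a resolver failure cannot be told apart from a mistyped host; `return fmt.Errorf("failed to lookup %s address in host specification: %v", host, err)` would keep it. A doc comment such as `// allocateDaemonPort reserves the daemon's TCP listening port in the portallocator for every IP that addr resolves to.` would record the intent next to the code.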