Add warning for --dns flag set to localhost addresses.

We should warn users who use the `--dns` command line option to point
DNS to a localhost address, either IPv4 or IPv6. Unless they have
specifically set up the container as a DNS server or are using
--net=host (which is why this should still be allowed, but warned about,
since those are fairly unusual cases), a localhost address as a resolver
will not reach what they might expect (e.g. they may expect it to hit
localhost on the Docker daemon/host).

Added a test for the message, and fixed up tests to separate stdout and
stderr that were using `--dns=127.0.0.1` to test the options.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Phil Estes 2015-03-10 10:22:29 -04:00
parent 29e7195aaf
commit 716b0cd3b4


@ -23,11 +23,13 @@ var (
// For readability and sufficiency for Docker purposes this seemed more reasonable than a // For readability and sufficiency for Docker purposes this seemed more reasonable than a
// 1000+ character regexp with exact and complete IPv6 validation // 1000+ character regexp with exact and complete IPv6 validation
ipv6Address = `([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})` ipv6Address = `([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})`
ipLocalhost = `((127\.([0-9]{1,3}.){2}[0-9]{1,3})|(::1))`
localhostRegexp = regexp.MustCompile(`(?m)^nameserver\s+((127\.([0-9]{1,3}.){2}[0-9]{1,3})|(::1))\s*\n*`) localhostIPRegexp = regexp.MustCompile(ipLocalhost)
nsIPv6Regexp = regexp.MustCompile(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`) localhostNSRegexp = regexp.MustCompile(`(?m)^nameserver\s+` + ipLocalhost + `\s*\n*`)
nsRegexp = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`) nsIPv6Regexp = regexp.MustCompile(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`)
searchRegexp = regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`) nsRegexp = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`)
searchRegexp = regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`)
) )
var lastModified struct { var lastModified struct {
@ -87,7 +89,7 @@ func GetLastModified() ([]byte, string) {
// It also returns a boolean to notify the caller if changes were made at all // It also returns a boolean to notify the caller if changes were made at all
func FilterResolvDns(resolvConf []byte, ipv6Enabled bool) ([]byte, bool) { func FilterResolvDns(resolvConf []byte, ipv6Enabled bool) ([]byte, bool) {
changed := false changed := false
cleanedResolvConf := localhostRegexp.ReplaceAll(resolvConf, []byte{}) cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
// if IPv6 is not enabled, also clean out any IPv6 address nameserver // if IPv6 is not enabled, also clean out any IPv6 address nameserver
if !ipv6Enabled { if !ipv6Enabled {
cleanedResolvConf = nsIPv6Regexp.ReplaceAll(cleanedResolvConf, []byte{}) cleanedResolvConf = nsIPv6Regexp.ReplaceAll(cleanedResolvConf, []byte{})
@ -124,6 +126,13 @@ func getLines(input []byte, commentMarker []byte) [][]byte {
return output return output
} }
// returns true if the IP string matches the localhost IP regular expression.
// Used for determining if nameserver settings are being passed which are
// localhost addresses
func IsLocalhost(ip string) bool {
return localhostIPRegexp.MatchString(ip)
}
// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf // GetNameservers returns nameservers (if any) listed in /etc/resolv.conf
func GetNameservers(resolvConf []byte) []string { func GetNameservers(resolvConf []byte) []string {
nameservers := []string{} nameservers := []string{}
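Review bot: IsLocalhost in the third hunk runs `localhostIPRegexp` unanchored, and `ipLocalhost` (first hunk) leaves the two dots in `([0-9]{1,3}.){2}` unescaped, so MatchString returns true for any string that merely contains `::1` (e.g. `2001:db8::1`) or `127.` followed by digits and any single character, which would trigger the new --dns warning for resolvers that are not loopback at all. Escaping those dots as `\.` in `ipLocalhost` and compiling the standalone matcher as `localhostIPRegexp = regexp.MustCompile("^" + ipLocalhost + "$")` fixes both; the escaped dots also tighten `localhostNSRegexp`, which splices in the same pattern (that form is only left-anchored by its `nameserver\s+` prefix, so it is presumably worth a test with a trailing suffix). Since IsLocalhost is exported, its comment should also start with the name, e.g. `// IsLocalhost reports whether ip is a loopback address (127.x.x.x or ::1) as matched by ipLocalhost.`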