-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker daemon panic in startContainer.go when passing wrong hostConfig #32136
Comments
Can you paste the stack from the panic? |
Would this PR resolve the validation part? #31384 |
@thaJeztah I was just reproducing to get the stack:)
|
@thaJeztah I see your PR touches exactly this area, but didn't see the implementation of |
The Would you be able to provide a minimal example of the container's config that could be used to reproduce the issue? (e.g. the literal JSON data that's sent?) |
@thaJeztah ok, just not so straightforward to dump the request JSON right now, I'll have to add a |
@grexe if you put the docker daemon in debug mode, then API requests are included in the logs. Easiest way is to create a {"debug":true} After that restart or "reload" the daemon;
|
thanks @thaJeztah but that actually only prints out the request/response, but not the body.
(I think the "service endpoint already exists" is new, but the actual error stays the same). |
Hm, interesting, I'll have to check that 🤔 Thanks for the reproduction steps, I'll give it a go later with the 17.04 version to check if it's resolved 👍 |
Sorry for the delay; I just tested this on Docker 17.06 (it's what I have installed now 😄); curl -v \
--unix-socket /var/run/docker.sock \
"http://localhost/containers/create?name=a4e7ae1c2f73df0e-118338e5a182c15d" \
-H "Content-Type: application/json" \
-d '{"Cmd":["sh","-c","cat /etc/hosts | grep extrahost"],"Image":"busybox:latest","Volumes":{},"HostConfig":{"ExtraHosts":["extrahost-1.2.3.4"]}}' Which produced this response;
After that, no container was created, and creating a container without the invalid curl -v \
--unix-socket /var/run/docker.sock \
"http://localhost/containers/create?name=a4e7ae1c2f73df0e-118338e5a182c15d" \
-H "Content-Type: application/json" \
-d '{"Cmd":["sh","-c","cat /etc/hosts | grep extrahost"],"Image":"busybox:latest","Volumes":{}}'
I'll close this issue, because this looks to be resolved, but let me know if there's still something you think should be addressed |
When passing wrong parameters to
extraHosts
as part of theHostConfig
, the error is propagated all the way down to thestartContainer
go code, and causes anindex out of range
error there.The daemon should better check arguments and report a suitable HTTP error response instead.
I was using a Java docker client library (8.1.3-SNAPSHOT)
and docker version 1.12.6, build 78d1802.
The lib just sends out the REST call to the local docker daemon over HTTP in the end.
Steps to reproduce the issue:
createContainer
and aHostConfig
that contains a newline or single argument instead of the expected "host:alias" formatstartContainer
index out of range
error in the go code forstartContainer
(I guess it expects 2 arguments but only gets 1 and so the access fails)Describe the results you received:
The container is created as normal and the call returns a container ID (it should already fail because of the wrong argument for hostConfig).
Only when you try start this configured container, it crashes the daemon.
Describe the results you expected:
For a wrong configuration, I'd expect the
createContainer
method to check the arguments are valid, and already report an error if they are invalid, instead of returning an ID, i.e. fail fast.Other info
I am using a private repo and the ZFS backend, but this should not matter, also could reproduce with standard containers from the global registry.
Output of
docker info
:The text was updated successfully, but these errors were encountered: