Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Commit

Permalink
Only pass through $DOCKER_HOST in exec_remote() if it is a Unix socket;
Browse files Browse the repository at this point in the history 
a TCP socket may be secured by TLS, in which case we can't use it.
Note that other uses of DOCKER_HOST in launch_xxx() are left alone;
by that point we must be able to access that socket.
  • Loading branch information
@bboreham
bboreham committed Dec 22, 2015
1 parent b1b62af commit 50f57f6
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions weave
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,15 +96,21 @@ usage() {
}

docker_sock_volume_mount() {
if [ -z "$DOCKER_HOST" ]; then
DOCKER_SOCK="/var/run/docker.sock"
elif echo "$DOCKER_HOST" | grep -q "^unix://" >/dev/null; then
if echo "$DOCKER_HOST" | grep -q "^unix://" >/dev/null; then
DOCKER_SOCK="${DOCKER_HOST#unix://}"
else
DOCKER_SOCK="/var/run/docker.sock"
fi
[ -z "$DOCKER_SOCK" ] || echo "-v $DOCKER_SOCK:$DOCKER_SOCK"
echo "-v $DOCKER_SOCK:$DOCKER_SOCK"
}

exec_remote() {
# Pass through DOCKER_HOST if it is a Unix socket;
# a TCP socket may be secured by TLS, in which case we can't use it
if echo "$DOCKER_HOST" | grep -q "^unix://" ; then
DOCKER_HOST_ARG="-e DOCKER_HOST"
fi

docker $DOCKER_CLIENT_ARGS run --rm --privileged --net=host \
$(docker_sock_volume_mount) \
-v /proc:/hostproc \
Expand All @@ -121,7 +127,7 @@ exec_remote() {
-e WEAVE_NO_FASTDP \
-e WEAVE_NO_BRIDGED_FASTDP \
-e WEAVE_NO_PLUGIN \
-e DOCKER_HOST \
$DOCKER_HOST_ARG \
-e DOCKER_BRIDGE \
-e DOCKER_CLIENT_HOST="$DOCKER_CLIENT_HOST" \
-e DOCKER_CLIENT_ARGS \
Expand Down

0 comments on commit 50f57f6

Please sign in to comment.