buildkite / sockguard

A proxy for docker.sock that enforces access control and isolated privileges
MIT License

DELETE on Networks fails due to no owner? #58

Open CpuID opened 4 years ago

CpuID commented 4 years ago

Maybe the network is not being tagged on creation? Investigate

The network creation (?):

#21 02:34:13.385715 POST - /v1.22/networks/_service_use-jobtype-for-workdir_default/disconnect - 81b
#21 02:34:13.385978 Looking up identifier "_service_use-jobtype-for-workdir_default"
#21 02:34:13.386895 Labels for networks/_service_use-jobtype-for-workdir_default: map[]
#21 02:34:13.386905 Allow, networks/_service_use-jobtype-for-workdir_default has no owner
#21 02:34:13.392411 Copied 188 bytes from upstream socket
#21 02:34:13.392528 Error copying request to socket: read unix /var/run/docker/sockguard.sock->@: use of closed network connection
#21 02:34:13.392603 Copied 0 bytes from downstream connection
#21 02:34:13.392660 Done, closing
#22 02:34:13.394162 POST - /v1.22/networks/_service_use-jobtype-for-workdir_default/connect - 146b
#22 02:34:13.394566 Looking up identifier "_service_use-jobtype-for-workdir_default"
#22 02:34:13.395345 Labels for networks/_service_use-jobtype-for-workdir_default: map[]
#22 02:34:13.395363 Allow, networks/_service_use-jobtype-for-workdir_default has no owner
#22 02:34:13.399577 Copied 188 bytes from upstream socket
#22 02:34:13.399674 Error copying request to socket: read unix /var/run/docker/sockguard.sock->@: use of closed network connection
#22 02:34:13.399686 Copied 0 bytes from downstream connection
#22 02:34:13.399690 Done, closing

And the deletion:

#35 02:34:21.982979 DELETE - /v1.22/networks/_service_use-jobtype-for-workdir_default - 0b
#35 02:34:21.983093 Looking up identifier "_service_use-jobtype-for-workdir_default"
#35 02:34:21.986168 Labels for networks/_service_use-jobtype-for-workdir_default: map[]
#35 02:34:21.986217 Allow, networks/_service_use-jobtype-for-workdir_default has no owner
#35 02:34:21.990031 Expected 200 got 500 when detaching Container ID/Name '53593683f70a4d227ba0b62cc968e5b946618e68d701f1e47e2aba817b3b6907' from Network '_service_use-jobtype-for-workdir_default' (before deleting)

CpuID commented 4 years ago

#4 19:40:51.250128 POST - /v1.22/networks/create - 76b
2020/03/12 19:40:51 Found unhandled label type <nil>: <nil>

This is likely the culprit...
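
One way a label-injecting proxy can handle a network create request whose `Labels` field decodes to nil, the case reported by the "unhandled label type" log line above. This is an added example, not sockguard's code and not part of the thread; `addOwnerLabel`, the `example.owner` label key and the sample request bodies are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ownerLabelKey is a hypothetical label name used only in this example.
const ownerLabelKey = "example.owner"

// addOwnerLabel rewrites a POST /networks/create body so that the created
// network carries an owner label. Hypothetical helper, not sockguard's own.
func addOwnerLabel(body []byte, owner string) ([]byte, error) {
	var req map[string]interface{}
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, fmt.Errorf("decode create request: %w", err)
	}
	if req == nil { // body was the JSON literal null
		return nil, fmt.Errorf("create request is not a JSON object")
	}
	var labels map[string]interface{}
	switch v := req["Labels"].(type) {
	case nil:
		// "Labels" is absent or JSON null: start from an empty map so the
		// owner label is still attached instead of being skipped.
		labels = map[string]interface{}{}
	case map[string]interface{}:
		labels = v
	default:
		// Reject rather than forward a request that cannot be labelled.
		return nil, fmt.Errorf("unsupported Labels type %T", v)
	}
	labels[ownerLabelKey] = owner
	req["Labels"] = labels
	return json.Marshal(req)
}

func main() {
	// Constructed sample bodies, not captured from the issue.
	for _, body := range []string{
		`{"Name":"demo_default","Labels":null}`,
		`{"Name":"demo_default"}`,
		`{"Name":"demo_default","Labels":{"a":"b"}}`,
		`{"Name":"demo_default","Labels":["bad"]}`,
	} {
		out, err := addOwnerLabel([]byte(body), "owner-1")
		fmt.Printf("%s -> %s (err: %v)\n", body, out, err)
	}
}
```

A network created without the label has nothing for a later ownership check to match, which is the `map[]` / "has no owner" state shown in the logs above.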