Open kostapsimoulis opened 6 years ago
the side effect of what you are purposing are some security problems, I think is not a good one to let the containers see the host network interfaces has a fallback of bridge, someone with malicious intention can use this to get access to the host machine, something that not happend if you have none
.
I don't think the client itself has this information (I should check, but I think the default is set by the daemon)
Can the client to do a "docker network ls" or an api call to the daemon to check or not there is bridge networking? If that is not possible then another solution would be to specify in the client.json file that we want the "host" networking to be default. Is that possible?
This would solve the other issue with the docker-compose and multi-stage builds. It looks like the networking option in the compose file is applied to the final container but it ignores it as an option for the build process. I understand that this might be a bug on the docker-compose side but I also believe that it's important to be able to change the default network for the client with a configuration file.
Description
There are a few enterprises that do not allow ip_forward or bridge networking. On dockerd the default bridge network can be disabled by setting it to
none
--bridge=none. When the bridge networking is not present, the cli should use host network by default. The only workaround right now is to pass --net=host every time you run the client but unfortunately there is no way to enforce this globally and there is no solution to make net=host option work with a multi-stage build compose file.Steps to reproduce the issue:
Describe the results you received:
Describe the results you expected: No warning and using net=host
Additional information you deem important (e.g. issue happens only occasionally):
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
There is no docker0 network: