yousefamar
commented
7 years ago We need this on the branch backupPlan too ideally. The default bridge (docker0) lets all containers have internet by default. Otherwise they're isolated.
Closed yousefamar closed 7 years ago
yousefamar
commented
7 years ago We need this on the branch backupPlan too ideally. The default bridge (docker0) lets all containers have internet by default. Otherwise they're isolated.
By default, Docker connects all launched containers to the default Docker
bridgenetwork. This is bad for us, since although the container can't use Docker DNS to resolve the IPs of other containers, it can still communicate with them directly by IP, which it could just enumerate.If you override this by setting NetworkMode to
none, then the container can't connect to anything ever. The solution is to explicitly disconnect every container from the default Dockerbridgenetwork (by name — it's just called "bridge") on launching.This should be pretty simple; we just need to add an extra step in the container launch Promise chain to disconnect it.