Closed nightkr closed 10 years ago
Can you force Docker to not recreate them? Feature request over at Docker?
I think it's a docker issue, yes, but I think the issue is persisting the MAC address/hwaddr, not the TCP/IP stack's constant recreation.
Did some searching around, basically this just requires dotcloud/docker#4918 to be resolved.
Actually, this is already possible using the LXC exec-driver (though this is a bit more annoying now since the native driver is the default), which is doable by adding --exec-driver=lxc when launching the docker daemon.
Just confirmed that the above works. Set the exec-driver and use --lxc-conf as documented in the other issue and the key keeps working.
For the record, Docker 0.11 now allows you to share the host's network interface with the guest, which should solve this, although it might cause other security considerations.
Such as decrypting them? That problem still exists even if it's unique each time...

On May 8, 2014 11:54 PM, "Teo Klestrup Röijezon" notifications@github.com wrote:
> For the record, Docker 0.11 (http://blog.docker.io/2014/05/docker-0-11-release-candidate-for-1-0/) now allows you to share the host's network interface with the guest, which should solve this, although it might cause other security considerations.
@Tungul Nah, but it would give the docker instance complete access to the host's NIC, so the BL instance could impersonate other servers' ports, etc. The suggested docker run command doesn't take advantage of it (-P means forward all ports automagically), but this could relatively simply be firewalled away when using Docker's default NAT solution.
Blockland's DRM depends on the network interfaces staying consistent, but Docker recreates them on each restart. So far I see two possible solutions:
Obviously 1 would be vastly preferable if possible, since 2 depends much more on trusting the host, and leaves the whole thing open to security breaches.