e7663235ed
- Add a partial fix for boo#1038493. - Fixed bsc#1037436 where execids were being leaked due to bad error handling. This is a backport of https://github.com/docker/cli/pull/52. + bsc1037436-0001-client-check-tty-before-creating-exec-job.patch OBS-URL: https://build.opensuse.org/request/show/494283 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=184
From c117441b1a74affb013a42ee8225d69ecfaf4d72 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Tue, 9 May 2017 23:31:46 +1000
Subject: [PATCH] client: check tty before creating exec job
This is necessary in order to avoid execId leaks in the case where a
`docker exec -it` is run without a terminal available for the client.
You can reproduce this issue by running the following command many
times.
% nohup docker exec -it some_container true
The container `some_container` will have execIDs that will never
normally be cleaned up (because the client died before they were
started).
In addition, this patch adds a docker-inspect step to ensure that we
give "container does not exist" errors consistently.
[SUSE: Fixes bsc#1037436.]
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
cli/command/container/exec.go | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/cli/command/container/exec.go b/cli/command/container/exec.go
index 676708c77b91..d85113259242 100644
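--- a/cli/command/container/exec.go
+++ b/cli/command/container/exec.go
@@ -79,6 +79,19 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
 ctx := context.Background()
 client := dockerCli.Client()
 
+ // We need to check the tty _before_ we do the ContainerExecCreate, because
+ // otherwise if we error out we will leak execIDs on the server (and
+ // there's no easy way to clean those up). But also in order to make "not
+ // exist" errors take precedence we do a dummy inspect first.
+ if _, err := client.ContainerInspect(ctx, container); err != nil {
+ return err
+ }
+ if !execConfig.Detach {
+ if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
+ return err
+ }
+ }
+
 response, err := client.ContainerExecCreate(ctx, container, *execConfig)
 if err != nil {
 return err
@@ -90,12 +103,8 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
 return nil
 }
 
- //Temp struct for execStart so that we don't need to transfer all the execConfig
- if !execConfig.Detach {
- if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
- return err
- }
- } else {
+ // Temp struct for execStart so that we don't need to transfer all the execConfig.
+ if execConfig.Detach {
 execStartCheck := types.ExecStartCheck{
 Detach: execConfig.Detach,
 Tty: execConfig.Tty,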
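Review bot: Moving `CheckTty` ahead of `ContainerExecCreate` in the first hunk closes the exec ID leak only for this one client-side failure. A client that dies or errors between `ContainerExecCreate` and the exec start (which is outside both hunks) still leaves an unstarted exec ID on the daemon, so unless the server reaps unstarted execs this remains a resource-exhaustion path for anyone with API access. The added `ContainerInspect` is also not a guard, because the container can disappear between the inspect and the create; the comment could say so, e.g. `// NOTE: the inspect only orders errors; ContainerExecCreate remains the authoritative existence check.` The inspect also makes `docker exec` depend on the inspect endpoint, which presumably breaks deployments whose authorization plugin allows exec but denies inspect, so that is worth confirming. `runExec` starts and ends outside both hunks, so the later start and cleanup paths could not be checked from here.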
--
2.12.2