Re: Docker container isolation not working in CentOS 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Le 10/08/2020 à 15:10, Nicolas Kovacs a écrit :
> Now IN THEORY "webserver3" shouldn't be able to communicate with the
> "webserver1" and "webserver2" containers.
> 
> But here's what happens IN PRACTICE (and only on CentOS 7):
> 
> $ docker exec -it webserver3 curl -m 5 http://172.17.0.2
> <!DOCTYPE html>
> <html>
> <head>
> <title>Welcome to nginx!</title>
> ...
> $ docker exec -it webserver3 curl -m 5 http://172.17.0.3
> <!DOCTYPE html>
> <html>
> <head>
> <title>Welcome to nginx!</title>
> ...
> 
> 
> As far as I'm concerned, it looks like a bug, it walks like a bug and it quacks
> like a bug.

I've experimented some more, and while this is clearly a bug, the simple and
pragmatic workaround consists in creating a custom network for every container
group I want to isolate.

Cheers,

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info@xxxxxxxxxxxxx
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux