libcnb-test: ContainerConfig::expose_port
exposes ports to the internet
#609
Labels
ContainerConfig::expose_port
exposes ports to the internet
#609
ContainerConfig::expose_port
exposes ports on the started container to the host machine.Currently libcnb-test does not set a
host_ip
in the correspondingPortBinding
:libcnb.rs/libcnb-test/src/container_port_mapping.rs
Line 82 in 95c2e81
https://docs.rs/bollard/latest/bollard/models/struct.PortBinding.html
The Bollard docs don't say what this implies, however, the Docker run docs say:
(on https://docs.docker.com/engine/reference/commandline/run/#publish)
And on the networking page:
(on https://docs.docker.com/network/#published-ports)
We should set the
host_ip
to 127.0.0.1, so that ports are only exposed to localhost, and not the internet.IMO this is another example of how using Bollard makes it harder for us to understand what's going on, since Bollard's docs don't mention this pitfall, and it's not necessarily obvious at first glance how
PortBinding
correlates to thedocker run
options.The text was updated successfully, but these errors were encountered: