Shield host's localhost from containers in (network host) mode #77
Comments
|
In ocaml-ci, we perform downloading and testing in separate steps so this shouldn't be a problem (only the download step uses |
kit-ty-kate
added a commit
to ocurrent/opam-repo-ci
that referenced
this issue
Jan 27, 2023
kit-ty-kate
added a commit
to ocurrent/opam-repo-ci
that referenced
this issue
Jan 27, 2023
kit-ty-kate
added a commit
to ocurrent/opam-repo-ci
that referenced
this issue
Jan 27, 2023
kit-ty-kate
added a commit
to kit-ty-kate/opam-repo-ci
that referenced
this issue
Feb 28, 2023
kit-ty-kate
added a commit
to kit-ty-kate/opam-repo-ci
that referenced
this issue
Feb 28, 2023
kit-ty-kate
added a commit
to kit-ty-kate/opam-repo-ci
that referenced
this issue
Feb 28, 2023
kit-ty-kate
added a commit
to kit-ty-kate/opam-repo-ci
that referenced
this issue
Feb 28, 2023
kit-ty-kate
added a commit
to kit-ty-kate/opam-repo-ci
that referenced
this issue
Feb 28, 2023
kit-ty-kate
added a commit
to kit-ty-kate/opam-repo-ci
that referenced
this issue
Feb 28, 2023
kit-ty-kate
added a commit
to kit-ty-kate/opam-repo-ci
that referenced
this issue
Feb 28, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently localhost is shared between all containers in
(network host)mode.This is a security issue as well as a reliability one for packages that use the local network for testing purpose.
See opencontainers/runc#201 for discussions and possible solutions. e.g.:
The text was updated successfully, but these errors were encountered: