Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This will restrict the options for HostIP to either "127.0.0.1" or "0.0.0.0" to validate user input for docker/nerdctl run with the "-p" option on Windows. The potential issues are as follows: On Docker, if users provide any option for "-p" other than "127.0.0.1" or "0.0.0.0," the Docker proxy will fail to create the port mapping because those IP addresses are not visible to the Docker proxy process. However, users can still specify an IP address from the internal network that is visible to the Docker proxy, allowing Docker to create the published port; however, that port will not be accessible from the host. On containerd, the backend containerd engine will create port mappings for published ports without any errors (silently failing); however, the published ports will not be accessible. Therefore, to prevent the scenarios mentioned above, we need to manually validate user input to limit it to either localhost or INADDR_ANY. Signed-off-by: Nino Kodabande <[email protected]>
- Loading branch information