Re: Docker: jail: name cannot be numeric fix
2015-10-27 19:12 GMT+03:00 Sergey Zakharchenko : > Mateusz, > >> What's the significance of said names? > > None that I know of; I'm new to Docker so I might be wrong though. > >> The issue here is that said id may contain to letters, effectivley >> looking like a number > > ..the probability of that being (10/16)^12, which isn't too high but still > significant... A funny thing: Docker source (function GenerateRandomID in pkg/stringid/stringid.go) actually checks for a fully numeric ID and avoids it, because it causes other problems: // if we try to parse the truncated for as an int and we don't have // an error then the value is all numberic and causes issues when // used as a hostname. ref #3869 So the probability I mentioned is if fact zero and, ironically, fixing this small kernel bug could actually 'unbreak' Docker. Adjusting GenerateRandomID in the FreeBSD Docker port is another option, possibly faster to get into production. Best regards, -- DoubleF ___ freebsd-virtualization@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Docker: jail: name cannot be numeric fix
Mateusz, > What's the significance of said names? None that I know of; I'm new to Docker so I might be wrong though. > The issue here is that said id may contain to letters, effectivley > looking like a number ..the probability of that being (10/16)^12, which isn't too high but still significant... > and that cannot be allowed due to jid/name > confusion. True; were it possible, I'd suggest naming them e.g. dkrXXX instead of XXX to make it easier to understand that those are Docker-created jails and not some abomination. In other words, seconded. But I suspect there could be some reasons why that wasn't done this (obviously better) way... > The bogus check with 0 is only a side issue, which may or may not make sense to be addressed. Well, it doesn't do what it's supposed to, so it should be fixed but I agree it's definitely not urgent if Docker can be fixed to name jails more appropriately. Best regards, -- DoubleF ___ freebsd-virtualization@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Docker: jail: name cannot be numeric fix
On Tue, Oct 27, 2015 at 05:19:26PM +0300, Sergey Zakharchenko wrote: > Hello, > > This is just a quick note that the problem mentioned in the Docker > wiki https://wiki.freebsd.org/Docker : > > > {{{ > > docker run -t -i centos /bin/bash > > jail: name cannot be numeric (unless it is the jid > > }}} > > > > Unknown: Noticed when re-running a container. > > is not of an 'unknown' origin: it lies in sys/kern/kern_jail.c 's > detection of numeric JIDs, which dates back to 2009: > > https://svnweb.freebsd.org/base/head/sys/kern/kern_jail.c?revision=285685&view=markup > > else if (*namelc == '0' || (strtoul(namelc, &p, 10) != jid && *p == '\0'))) > > It thinks everything that starts with a '0' is numeric, and doesn't > check that it's the only character, e.g. namelc[1] == '\0'. This check > is incorrect for some of the hex jail names that Docker generates. > This is demonstrated by e.g. the following: > > ---> Running in 062a4f391fd9 > jail: name cannot be numeric (unless it is the jid) > > Should I send a PR? > What's the significance of said names? The issue here is that said id may contain to letters, effectivley looking like a number and that cannot be allowed due to jid/name confusion. While arbitrary names would be desirable, we are not going to get them without some weird effort. As such, the right fix would e.g. prefix all names with a letter and/or re-generated a name if it does not contain any non-numeric characters. The bogus check with 0 is only a side issue, which may or may not make sense to be addressed. -- Mateusz Guzik ___ freebsd-virtualization@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Docker: jail: name cannot be numeric fix
Hello, This is just a quick note that the problem mentioned in the Docker wiki https://wiki.freebsd.org/Docker : > {{{ > docker run -t -i centos /bin/bash > jail: name cannot be numeric (unless it is the jid > }}} > > Unknown: Noticed when re-running a container. is not of an 'unknown' origin: it lies in sys/kern/kern_jail.c 's detection of numeric JIDs, which dates back to 2009: https://svnweb.freebsd.org/base/head/sys/kern/kern_jail.c?revision=285685&view=markup else if (*namelc == '0' || (strtoul(namelc, &p, 10) != jid && *p == '\0'))) It thinks everything that starts with a '0' is numeric, and doesn't check that it's the only character, e.g. namelc[1] == '\0'. This check is incorrect for some of the hex jail names that Docker generates. This is demonstrated by e.g. the following: ---> Running in 062a4f391fd9 jail: name cannot be numeric (unless it is the jid) Should I send a PR? Best regards, -- DoubleF ___ freebsd-virtualization@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"