Overview

File bsc1037436-0001-client-check-tty-before-creating-exec-job.patch of Package docker.4666

From c117441b1a74affb013a42ee8225d69ecfaf4d72 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Tue, 9 May 2017 23:31:46 +1000
Subject: [PATCH] client: check tty before creating exec job

This is necessary in order to avoid execId leaks in the case where a
`docker exec -it` is run without a terminal available for the client.
You can reproduce this issue by running the following command many
times.

  % nohup docker exec -it some_container true

The container `some_container` will have execIDs that will never
normally be cleaned up (because the client died before they were
started).

In addition, this patch adds a docker-inspect step to ensure that we
give "container does not exist" errors consistently.

[SUSE: Fixes bsc#1037436.]

Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
 cli/command/container/exec.go | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/cli/command/container/exec.go b/cli/command/container/exec.go
index 676708c77b91..d85113259242 100644
--- a/cli/command/container/exec.go
+++ b/cli/command/container/exec.go
@@ -79,6 +79,19 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
 	ctx := context.Background()
 	client := dockerCli.Client()
 
+	// We need to check the tty _before_ we do the ContainerExecCreate, because
+	// otherwise if we error out we will leak execIDs on the server (and
+	// there's no easy way to clean those up). But also in order to make "not
+	// exist" errors take precedence we do a dummy inspect first.
+	if _, err := client.ContainerInspect(ctx, container); err != nil {
+		return err
+	}
+	if !execConfig.Detach {
+		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
+			return err
+		}
+	}
+
 	response, err := client.ContainerExecCreate(ctx, container, *execConfig)
 	if err != nil {
 		return err
@@ -90,12 +103,8 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
 		return nil
 	}
 
-	//Temp struct for execStart so that we don't need to transfer all the execConfig
-	if !execConfig.Detach {
-		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
-			return err
-		}
-	} else {
+	// Temp struct for execStart so that we don't need to transfer all the execConfig.
+	if execConfig.Detach {
 		execStartCheck := types.ExecStartCheck{
 			Detach: execConfig.Detach,
 			Tty:    execConfig.Tty,
-- 
2.12.2
openSUSE Build Service is sponsored by
Places