Mageia Bugzilla – Attachment 9443 Details for
Bug 20100
docker new security issue CVE-2016-9962
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
Functionality test part 2
docker_2.txt (text/plain), 4.54 KB, created by
Len Lawrence
on 2017-06-23 01:30:05 CEST
(
hide
)
Description:
Functionality test part 2
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2017-06-23 01:30:05 CEST
Size:
4.54 KB
patch
obsolete
>Found this succinct definition of a container at https://docs.docker.com/get-started/ > >An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files. > >A container is a runtime instance of an image â what the image becomes in memory when actually executed. It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so. > >Note that the tutorial at the site quoted mandates version 1.13 or higher. We have: > >$ docker --version >Docker version 1.9.1, build a34a1d5 > >More from this site: > >$ docker run hello-world >Unable to find image 'hello-world:latest' locally >latest: Pulling from library/hello-world > >974d9149a378: Pull complete >539234e8e884: Pull complete >Digest: sha256:9a4ec8dac439d00fff31bf41b23902bfd7f7465d4b4c8c950e572e7392f33c66 >Status: Downloaded newer image for hello-world:latest > >Hello from Docker! >This message shows that your installation appears to be working correctly. > >To generate this message, Docker took the following steps: > 1. The Docker client contacted the Docker daemon. > 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. > 3. The Docker daemon created a new container from that image which runs the > executable that produces the output you are currently reading. > 4. The Docker daemon streamed that output to the Docker client, which sent it > to your terminal. > >To try something more ambitious, you can run an Ubuntu container with: > $ docker run -it ubuntu bash > >Share images, automate workflows, and more with a free Docker ID: > https://cloud.docker.com/ > >For more examples and ideas, visit: > https://docs.docker.com/engine/userguide/ > >Create a Dockerfile (attached) in an empty directory along with requirements.txt and app.py then build an image with the name friendlyhello. > >$ docker build -t friendlyhello . >$ docker build -t friendlyhello . >Sending build context to Docker daemon 4.608 kB >Step 1 : FROM python:2.7-slim >2.7-slim: Pulling from library/python >aaec12cbddb4: Pull complete >......................... >Step 7 : CMD python app.py > ---> Running in e59d4628e8ed > ---> 90b948cb291a >Removing intermediate container e59d4628e8ed > >A lot more output than posted here. > >$ docker images >REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE >friendlyhello latest 90b948cb291a About a minute ago 194.3 MB >python 2.7-slim 1fdcf4a9d36d 28 hours ago 182.5 MB >debian latest b7b564987286 2 days ago 100.1 MB >hello-world latest 539234e8e884 8 days ago 1.84 kB > >$ docker run -p 4000:80 friendlyhello > * Running on http://0.0.0.0:80/ (Press CTRL+C to quit) > >Going to localhost:4000 in firefox does nothing, localhost:80 reports "It works!" >What it should do is post Hello World! and Hostname: whatever... > >$ curl http://localhost:4000 >curl: (56) Recv failure: Connection reset by peer > >So this may be a case of the documentation running ahead of the version. > ># Background version: >$ docker run -d -p 4000:80 friendlyhello >b1b12ee6a6d86f2eb514f7867245d42c9667fd4daaaf921c1345970142f4b421 >$ >$ docker ps >CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES >b1b12ee6a6d8 friendlyhello "python app.py" About a minute ago Up About a minute 0.0.0.0:4000->80/tcp clever_easley >$ docker stop b1b12ee6a6d8 >b1b12ee6a6d8 >$ > >So the app runs but does not do what is expected in a browser. > >Created a Docker ID at https://cloud.docker.com/ then >$ docker login >Username: <er-hmm> >Password: <something> >Email: <wherever> >WARNING: login credentials saved in /home/lcl/.docker/config.json >Login Succeeded >$ docker tag friendlyhello <dockerid>/tutorial:qa >$ docker images >REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE >friendlyhello latest 90b948cb291a 37 minutes ago 194.3 MB ><dockerid>/tutorial qa 90b948cb291a 37 minutes ago 194.3 MB >python 2.7-slim 1fdcf4a9d36d 29 hours ago 182.5 MB >debian latest b7b564987286 2 days ago 100.1 MB >hello-world latest 539234e8e884 8 days ago 1.84 kB > >The upshot of all that is that the friendlyhello image is now shared via a repository in the cloud. >
Found this succinct definition of a container at https://docs.docker.com/get-started/ An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files. A container is a runtime instance of an image â what the image becomes in memory when actually executed. It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so. Note that the tutorial at the site quoted mandates version 1.13 or higher. We have: $ docker --version Docker version 1.9.1, build a34a1d5 More from this site: $ docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 974d9149a378: Pull complete 539234e8e884: Pull complete Digest: sha256:9a4ec8dac439d00fff31bf41b23902bfd7f7465d4b4c8c950e572e7392f33c66 Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://cloud.docker.com/ For more examples and ideas, visit: https://docs.docker.com/engine/userguide/ Create a Dockerfile (attached) in an empty directory along with requirements.txt and app.py then build an image with the name friendlyhello. $ docker build -t friendlyhello . $ docker build -t friendlyhello . Sending build context to Docker daemon 4.608 kB Step 1 : FROM python:2.7-slim 2.7-slim: Pulling from library/python aaec12cbddb4: Pull complete ......................... Step 7 : CMD python app.py ---> Running in e59d4628e8ed ---> 90b948cb291a Removing intermediate container e59d4628e8ed A lot more output than posted here. $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE friendlyhello latest 90b948cb291a About a minute ago 194.3 MB python 2.7-slim 1fdcf4a9d36d 28 hours ago 182.5 MB debian latest b7b564987286 2 days ago 100.1 MB hello-world latest 539234e8e884 8 days ago 1.84 kB $ docker run -p 4000:80 friendlyhello * Running on http://0.0.0.0:80/ (Press CTRL+C to quit) Going to localhost:4000 in firefox does nothing, localhost:80 reports "It works!" What it should do is post Hello World! and Hostname: whatever... $ curl http://localhost:4000 curl: (56) Recv failure: Connection reset by peer So this may be a case of the documentation running ahead of the version. # Background version: $ docker run -d -p 4000:80 friendlyhello b1b12ee6a6d86f2eb514f7867245d42c9667fd4daaaf921c1345970142f4b421 $ $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b1b12ee6a6d8 friendlyhello "python app.py" About a minute ago Up About a minute 0.0.0.0:4000->80/tcp clever_easley $ docker stop b1b12ee6a6d8 b1b12ee6a6d8 $ So the app runs but does not do what is expected in a browser. Created a Docker ID at https://cloud.docker.com/ then $ docker login Username: <er-hmm> Password: <something> Email: <wherever> WARNING: login credentials saved in /home/lcl/.docker/config.json Login Succeeded $ docker tag friendlyhello <dockerid>/tutorial:qa $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE friendlyhello latest 90b948cb291a 37 minutes ago 194.3 MB <dockerid>/tutorial qa 90b948cb291a 37 minutes ago 194.3 MB python 2.7-slim 1fdcf4a9d36d 29 hours ago 182.5 MB debian latest b7b564987286 2 days ago 100.1 MB hello-world latest 539234e8e884 8 days ago 1.84 kB The upshot of all that is that the friendlyhello image is now shared via a repository in the cloud.
View Attachment As Raw
Actions:
View
Attachments on
bug 20100
:
9442
| 9443 |
9444