Prevent user from deleting pre-defined networks

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-10-25 16:09:54 -07:00 · 2015-10-25 16:09:54 -07:00 · ead62b5952
commit ead62b5952
parent 80439a4ce2
4 changed files with 39 additions and 1 deletions
--- a/api/server/router/network/network_routes.go
+++ b/api/server/router/network/network_routes.go
@ -13,6 +13,7 @@ import (
 	"github.com/docker/docker/daemon"
 	"github.com/docker/docker/daemon/network"
 	"github.com/docker/docker/pkg/parsers/filters"
+	"github.com/docker/docker/runconfig"
 	"github.com/docker/libnetwork"
 )

@ -85,6 +86,11 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
 		return err
 	}

+	if runconfig.IsPreDefinedNetwork(create.Name) {
+		return httputils.WriteJSON(w, http.StatusForbidden,
+			fmt.Sprintf("%s is a pre-defined network and cannot be created", create.Name))
+	}
+
 	nw, err := n.daemon.GetNetwork(create.Name, daemon.NetworkByName)
 	if _, ok := err.(libnetwork.ErrNoSuchNetwork); err != nil && !ok {
 		return err
@ -161,6 +167,11 @@ func (n *networkRouter) deleteNetwork(ctx context.Context, w http.ResponseWriter
 		return err
 	}

+	if runconfig.IsPreDefinedNetwork(nw.Name()) {
+		return httputils.WriteJSON(w, http.StatusForbidden,
+			fmt.Sprintf("%s is a pre-defined network and cannot be removed", nw.Name()))
+	}
+
 	return nw.Delete()
 }

--- a/integration-cli/docker_api_network_test.go
+++ b/integration-cli/docker_api_network_test.go
@ -193,6 +193,23 @@ func (s *DockerSuite) TestApiNetworkIpamMultipleBridgeNetworks(c *check.C) {
 	}
 }

+func (s *DockerSuite) TestApiCreateDeletePredefinedNetworks(c *check.C) {
+	createDeletePredefinedNetwork(c, "bridge")
+	createDeletePredefinedNetwork(c, "none")
+	createDeletePredefinedNetwork(c, "host")
+}
+
+func createDeletePredefinedNetwork(c *check.C, name string) {
+	// Create pre-defined network
+	config := types.NetworkCreate{
+		Name:           name,
+		CheckDuplicate: true,
+	}
+	shouldSucceed := false
+	createNetwork(c, config, shouldSucceed)
+	deleteNetwork(c, name, shouldSucceed)
+}
+
 func isNetworkAvailable(c *check.C, name string) bool {
 	status, body, err := sockRequest("GET", "/networks", nil)
 	c.Assert(status, checker.Equals, http.StatusOK)
@ -284,7 +301,6 @@ func deleteNetwork(c *check.C, id string, shouldSucceed bool) {
 	status, _, err := sockRequest("DELETE", "/networks/"+id, nil)
 	if !shouldSucceed {
 		c.Assert(status, checker.Not(checker.Equals), http.StatusOK)
-		c.Assert(err, checker.NotNil)
 		return
 	}
 	c.Assert(status, checker.Equals, http.StatusOK)
--- a/runconfig/hostconfig_unix.go
+++ b/runconfig/hostconfig_unix.go
@ -66,6 +66,12 @@ func (n NetworkMode) IsUserDefined() bool {
 	return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer()
 }

+// IsPreDefinedNetwork indicates if a network is predefined by the daemon
+func IsPreDefinedNetwork(network string) bool {
+	n := NetworkMode(network)
+	return n.IsBridge() || n.IsHost() || n.IsNone()
+}
+
 //UserDefined indicates user-created network
 func (n NetworkMode) UserDefined() string {
 	if n.IsUserDefined() {
--- a/runconfig/hostconfig_windows.go
+++ b/runconfig/hostconfig_windows.go
@ -27,3 +27,8 @@ func MergeConfigs(config *Config, hostConfig *HostConfig) *ContainerConfigWrappe
 		hostConfig,
 	}
 }
+
+// IsPreDefinedNetwork indicates if a network is predefined by the daemon
+func IsPreDefinedNetwork(network string) bool {
+	return false
+}