The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
Find a file
Sebastiaan van Stijn 92975f0c11
client: define a "dummy" hostname to use for local connections
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.

The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406 ][1], which was implemented in  https://go.dev/issue/60374.

Prior versions go Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.

Before this patch (using go1.20.6):

    make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration
    === RUN   TestAttachWithTTY
        attach_test.go:46: assertion failed: error is not nil: http: invalid Host header
    --- FAIL: TestAttachWithTTY (0.11s)
    === RUN   TestAttachWithoutTTy
        attach_test.go:46: assertion failed: error is not nil: http: invalid Host header
    --- FAIL: TestAttachWithoutTTy (0.02s)
    FAIL

With this patch applied:

    make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration
    INFO: Testing against a local daemon
    === RUN   TestAttachWithTTY
    --- PASS: TestAttachWithTTY (0.12s)
    === RUN   TestAttachWithoutTTy
    --- PASS: TestAttachWithoutTTy (0.02s)
    PASS

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-14 18:57:53 +02:00
.github ci(buildkit): match moby go version for buildkit tests 2023-07-12 19:17:25 +02:00
api Merge pull request #45915 from akerouanton/create-overlay-on-non-manager 2023-07-11 10:13:08 -06:00
builder Sort unconsumed build arguments before usage 2023-07-09 03:23:06 -04:00
cli cli/debug: use string-literals for easier grep'ing 2023-07-05 12:27:00 +02:00
client client: define a "dummy" hostname to use for local connections 2023-07-14 18:57:53 +02:00
cmd Merge pull request #45737 from pkwarren/pkw/issue-44940-dockerd-json-logs 2023-07-13 19:00:31 -04:00
container Switch all logging to use containerd log pkg 2023-06-24 00:23:44 +00:00
contrib contrib/busybox: Update to FRP-5007-g82accfc19 2023-06-21 14:15:05 +02:00
daemon Merge pull request #45737 from pkwarren/pkw/issue-44940-dockerd-json-logs 2023-07-13 19:00:31 -04:00
distribution distribution: format code with gofumpt 2023-06-29 00:30:52 +02:00
dockerversion dockerversion: DockerUserAgent(): allow custom versions to be passed 2023-06-01 18:21:58 +02:00
docs Add health start interval 2023-07-05 23:44:17 +00:00
errdefs errdefs: FromStatusCode() don't log "FIXME" debug message 2022-12-20 16:03:46 +01:00
hack Disable tls when launching dockerd through hack/make.sh 2023-07-09 22:26:07 +02:00
image Switch all logging to use containerd log pkg 2023-06-24 00:23:44 +00:00
integration integration: Don't env cleanup before parallel subtests 2023-07-13 13:41:00 +02:00
integration-cli Add t.Helper() to the cli test helper functions 2023-07-13 13:37:26 +02:00
internal replace gogofast with gogofaster extension 2023-05-29 03:28:35 +02:00
layer layer: format code with gofumpt 2023-06-29 00:31:50 +02:00
libcontainerd Merge pull request #45737 from pkwarren/pkw/issue-44940-dockerd-json-logs 2023-07-13 19:00:31 -04:00
libnetwork Merge pull request #45888 from thaJeztah/cleanup_iptables 2023-07-12 15:14:47 +02:00
oci Switch all logging to use containerd log pkg 2023-06-24 00:23:44 +00:00
opts api/types: move system info types to api/types/system 2023-07-07 13:01:36 +02:00
pkg Merge pull request #45861 from thaJeztah/fileutils_deprecate_GetTotalUsedFds 2023-07-11 20:06:24 +02:00
plugin plugin: format code with gofumpt 2023-06-29 00:31:50 +02:00
profiles profiles/seccomp: format code with gofumpt 2023-06-29 00:31:50 +02:00
project remove deprecated devicemapper storage-driver 2023-04-20 23:51:54 +02:00
quota quota: format code with gofumpt 2023-06-29 00:31:50 +02:00
reference reference: format code with gofumpt 2023-06-29 00:31:51 +02:00
registry registry: session.searchRepositories(): return typed error, and small cleanup 2023-07-11 09:47:02 +02:00
reports Fix typos 2018-05-16 09:15:43 +08:00
restartmanager restartmanager: format code with gofumpt 2023-06-29 00:31:51 +02:00
runconfig runconfig: format code with gofumpt 2023-06-29 00:31:11 +02:00
testutil testutil: rename variable that collided with import 2023-07-13 13:05:10 +02:00
vendor Merge pull request #45933 from elezar/bump-cdi-dependency 2023-07-12 16:51:31 -06:00
volume volume: format code with gofumpt 2023-06-29 00:05:23 +02:00
.dockerignore ignorefiles: cleanup 2022-11-21 18:43:42 -07:00
.gitattributes chore: fix linguist for Dockerfile 2022-04-27 06:38:41 +02:00
.gitignore hack: introduce validate/no-module 2022-12-12 18:39:06 -07:00
.mailmap AUTHORS,.mailmap: update with recent contributors 2023-06-29 08:22:14 -06:00
AUTHORS AUTHORS,.mailmap: update with recent contributors 2023-06-29 08:22:14 -06:00
codecov.yml codecov: disable "patch" status 2022-06-07 17:24:46 +02:00
CONTRIBUTING.md CONTRIBUTING.md: drop reference to the Derek GitHub bot 2023-01-10 15:42:09 -07:00
docker-bake.hcl Dockerfile: use default apt mirrors 2023-06-29 00:10:27 +02:00
Dockerfile Dockerfile/shell: install compose cli plugin 2023-07-12 12:19:32 -04:00
Dockerfile.simple update go to go1.20.5 2023-06-14 12:47:05 +02:00
Dockerfile.windows update go to go1.20.5 2023-06-14 12:47:05 +02:00
Jenkinsfile Dockerfile: use default apt mirrors 2023-06-29 00:10:27 +02:00
LICENSE Update LICENSE 2018-09-12 14:27:53 +01:00
MAINTAINERS Merge pull request #45895 from thaJeztah/albin_maintainer 2023-07-06 17:14:01 +02:00
Makefile Makefile: remove unused BUILD_APT_MIRROR 2023-06-29 00:11:45 +02:00
NOTICE switch kr/pty to creack/pty v1.1.7 2019-07-29 16:59:08 -07:00
README.md Fix grammar in README.md 2022-11-10 19:49:41 +00:00
ROADMAP.md Fix some typos in ROADMAP.md 2019-01-25 14:27:13 +08:00
SECURITY.md Update SECURITY.md to have an option to keep name anonymous if requested. 2019-06-18 16:37:16 +00:00
TESTING.md TESTING.md: note that integration-cli is deprecated 2020-12-18 07:51:46 +01:00
vendor.mod Merge pull request #45933 from elezar/bump-cdi-dependency 2023-07-12 16:51:31 -06:00
vendor.sum Merge pull request #45933 from elezar/bump-cdi-dependency 2023-07-12 16:51:31 -06:00
VENDORING.md fix the bare url and the Summary of http://semver.org 2017-01-17 16:20:11 +08:00

The Moby Project

Moby Project logo

Moby is an open-source project created by Docker to enable and accelerate software containerization.

It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas. Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.

Principles

Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience. It is open to the community to help set its direction.

  • Modular: the project includes lots of components that have well-defined functions and APIs that work together.
  • Batteries included but swappable: Moby includes enough components to build fully featured container systems, but its modular architecture ensures that most of the components can be swapped by different implementations.
  • Usable security: Moby provides secure defaults without compromising usability.
  • Developer focused: The APIs are intended to be functional and useful to build powerful tools. They are not necessarily intended as end user tools but as components aimed at developers. Documentation and UX is aimed at developers not end users.

Audience

The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers. It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.

Relationship with Docker

The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project. New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product. However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.

The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful. The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.


Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Moby may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Moby is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.