Interactive exec via proxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zun |
Fix Released
|
Critical
|
hongbin |
Bug Description
The current implementation of interactive execute [1][2][3][4] is as following:
1. client call server with /containers/
2. server return an URL of the Docker daemon
3. client use the URL to connect with Docker daemon directly
Allow clients to connect to Docker daemon in compute host is a big security issue. We should have a proxy process in between client and docker daemon. As a result, the proxy can authenticate the client before allowing the connection. Details are stated in this spec: https:/
[1] https:/
[2] https:/
[3] https:/
[4] https:/
Changed in zun: | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in zun: | |
assignee: | nobody → hongbin (hongbin034) |
Fix proposed to branch: master /review. openstack. org/563482
Review: https:/