nerdctl run -p <host-port>:<container port> <image> does not check if user defined host port is in use. #2179

Open
vsiravar opened this issue Apr 13, 2023 · 2 comments · May be fixed by #2190
Labels
area/network enhancement New feature or request

vsiravar commented Apr 13, 2023

Description

Running containers with -p/--publish with a user-provided host port does not check if the host port is already in use, in both rootful and rootless. This issue is very similar to #2164.

Steps to reproduce the issue

# Run 2 containers with -p <hostport>:<containerport> option.   
$ nerdctl run -d --name=my-nginx -p 5000:80 nginx
187eda2196935949563e57cb9227da1c9efafef4fda3aefe54a00b53635fa950

$ nerdctl run -d --name=my-httpd  -p 5000:80 httpd

$ nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS     PORTS                   NAMES
187eda219693    docker.io/library/nginx:latest    "/docker-entrypoint.…"    9 minutes ago     Up         0.0.0.0:5000->80/tcp    my-nginx
27232786d099    docker.io/library/httpd:latest    "httpd-foreground"        10 seconds ago    Up         0.0.0.0:5000->80/tcp    my-httpd2
a22d1643e952    docker.io/library/httpd:latest    "httpd-foreground"        33 seconds ago    Created    0.0.0.0:5000->80/tcp    my-httpd

This is very similar to 2164 except this is for user specified host ports.

Both containers have host port 5000 and are up, but only one of them can be reached from the host.

Describe the results you received and expected

Error response
Similar response as docker.
Ports are not available: exposing port TCP 0.0.0.0:5000 -> 0.0.0.0:0: listen tcp 0.0.0.0:5000: bind: address already in use.

What version of nerdctl are you using?

main branch

$ nerdctl version 
Client:
 Version:	v1.3.0-22-g6da9283.m
 OS/Arch:	linux/amd64
 Git commit:	6da9283cb34d09c4d0ca036e63ec01b60fec5f56.m
 buildctl:
  Version:	v0.11.3
  GitCommit:	4ddee42a32aac4cd33bf9c2be4c87c2ffd34747b

Server:
 containerd:
  Version:	v1.6.19
  GitCommit:	1e1ea6e986c6c86565bc33d52e34b81b3e2bc71f
 runc:
  Version:	1.1.4
  GitCommit:	v1.1.4-0-g5fd4c4d1

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

Lima

Host information

$ uname -a
Linux lima-default 5.19.0-38-generic #39-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 17 17:33:16 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
@vsiravar vsiravar added the kind/unconfirmed-bug-claim Unconfirmed bug claim label Apr 13, 2023
vsiravar commented Apr 14, 2023

Happy to PR by extracting a function to check used ports in port allocate and checking if port is already in use before running the container on linux host.

@AkihiroSuda AkihiroSuda added enhancement New feature or request and removed kind/unconfirmed-bug-claim Unconfirmed bug claim labels Apr 14, 2023
@vsiravar vsiravar linked a pull request Apr 18, 2023 that will close this issue
@arnaldo2792

It seems like there is already code in portAllocate to check if a given port is already in use? Probably the logic is a little flaky? Also, FWIW, checking /proc/net/<tcp|udp> is prone to race conditions. There could be two processes trying to get a hold of the same port, but the kernel won't report it as “used” for either of them. Thus, both processes will attempt to bind to the port but only one of them will succeed, even after validating that the port wasn't in use.
