[CentOS] Docker container isolation not working in CentOS 7

Mon Aug 10 14:54:52 UTC 2020
Nicolas Kovacs <info at microlinux.fr>

On 10/08/2020 at 15:10, Nicolas Kovacs wrote:
> Now IN THEORY "webserver3" shouldn't be able to communicate with the
> "webserver1" and "webserver2" containers.
> 
> But here's what happens IN PRACTICE (and only on CentOS 7):
> 
> $ docker exec -it webserver3 curl -m 5 http://172.17.0.2
> <!DOCTYPE html>
> <html>
> <head>
> <title>Welcome to nginx!</title>
> ...
> $ docker exec -it webserver3 curl -m 5 http://172.17.0.3
> <!DOCTYPE html>
> <html>
> <head>
> <title>Welcome to nginx!</title>
> ...
> 
> 
> As far as I'm concerned, it looks like a bug, it walks like a bug and it quacks
> like a bug.

I've experimented some more, and while this is clearly a bug, the simple and
pragmatic workaround consists in creating a custom network for every container
group I want to isolate.

Cheers,

Niki

-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tel. : 04 66 63 10 32
Mob. : 06 51 80 12 12
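
The workaround described in the message above, sketched as an added example that is not part of the original post: each container group gets its own user-defined bridge network, and the isolation is then checked with the same `curl -m 5` probe. The network names `group-a` and `group-b`, the `nginx` image and the grouping of webserver1/webserver2 versus webserver3 are assumptions.

```shell
# Added example: one user-defined bridge network per container group.
# Assumptions: network names group-a/group-b, the nginx image, the grouping.

# Create the user-defined bridge network unless it already exists.
ensure_network() {
    docker network inspect "$1" >/dev/null 2>&1 ||
        docker network create --driver bridge "$1" >/dev/null
}

# usage: run_in_group <network> <container>
run_in_group() {
    ensure_network "$1" &&
        docker run -d --name "$2" --network "$1" nginx >/dev/null
}

# Print the IP address of a container attached to a single network.
container_ip() {
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

# usage: is_isolated <from> <to>
# returns 0 = isolated, 1 = reachable, 2 = inconclusive (no IP, no curl, ...)
is_isolated() {
    target_ip=$(container_ip "$2") || return 2
    [ -n "$target_ip" ] || return 2
    curl_rc=0
    docker exec "$1" curl -s -m 5 -o /dev/null "http://$target_ip" || curl_rc=$?
    case $curl_rc in
        0) return 1 ;;      # HTTP request succeeded: not isolated
        7|28) return 0 ;;   # curl: connection failed or timed out
        *) return 2 ;;      # any other exit code proves nothing
    esac
}

main() {
    run_in_group group-a webserver1
    run_in_group group-a webserver2
    run_in_group group-b webserver3
    for target in webserver1 webserver2; do
        verdict=0; is_isolated webserver3 "$target" || verdict=$?
        case $verdict in
            0) echo "OK: webserver3 cannot reach $target" ;;
            1) echo "LEAK: webserver3 reaches $target" ;;
            *) echo "UNKNOWN: check of $target was inconclusive" ;;
        esac
    done
}

# Containers are only started when RUN_DEMO=1 is set.
if [ "${RUN_DEMO:-}" = 1 ]; then main; fi
```

Treating only curl exit codes 7 and 28 as "isolated" keeps a missing curl binary or a stopped container from being reported as a successful isolation check.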