![]() However, exploitation isn't trivial: it requires an active attacker to hang out at Starbucks hoping someone nearby will use Docker over insecure WiFi. ![]() It's a bad bug, and a great testament to why robust image signing is a great idea. I don't have a docker development setup ready, but if you think it's a good idea. maybe we could add yet another switch to pull like -insecure and tweak that would forcefully make it secure = false ? It is currently read here: (while running the daemon), and it's checked while pulling in. ![]() EDIT: As mentioned in the comments, it would also be very useful to allow any registry to be unsecure, not just named ones, as Docker sometimes provides random ports, and some environments have many registries popping in and out of existence. It would be very useful to have that handled directly by docker pull, and not have to restart the whole thing and tweak system-level settings when you discover you need to use a local unsecure registry. Doing so did nothing, until I discovered I needed to run docker, as in daemon, with those parameters. With Docker 1.3+, I was required to run docker with -insecure-registry localhost:5000. I was previously running a "library/registry" on localhost:5000. Hi folks, thanks for all your great work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |