From 8934f13615e95a0c9f4bc52eefb5c97360e114f3 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 5 Aug 2013 22:56:02 +0000 Subject: [PATCH] Change daemon to listen on unix socket by default --- api.go | 8 ++++---- docker/docker.go | 2 +- docs/sources/api/docker_remote_api.rst | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/api.go b/api.go index f520d7a73b..f07a0fca66 100644 --- a/api.go +++ b/api.go @@ -18,8 +18,9 @@ import ( ) const APIVERSION = 1.4 -const DEFAULTHTTPHOST string = "127.0.0.1" -const DEFAULTHTTPPORT int = 4243 +const DEFAULTHTTPHOST = "127.0.0.1" +const DEFAULTHTTPPORT = 4243 +const DEFAULTUNIXSOCKET = "/var/run/docker.sock" func hijackServer(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) { conn, _, err := w.(http.Hijacker).Hijack() @@ -977,9 +978,8 @@ func ListenAndServe(proto, addr string, srv *Server, logging bool) error { if e != nil { return e } - //as the daemon is launched as root, change to permission of the socket to allow non-root to connect if proto == "unix" { - os.Chmod(addr, 0777) + os.Chmod(addr, 0700) } httpSrv := http.Server{Addr: addr, Handler: r} return httpSrv.Serve(l) diff --git a/docker/docker.go b/docker/docker.go index 8d7bf9b42a..9874d756d5 100644 --- a/docker/docker.go +++ b/docker/docker.go @@ -33,7 +33,7 @@ func main() { flGraphPath := flag.String("g", "/var/lib/docker", "Path to graph storage base dir.") flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.") flDns := flag.String("dns", "", "Set custom dns servers") - flHosts := docker.ListOpts{fmt.Sprintf("tcp://%s:%d", docker.DEFAULTHTTPHOST, docker.DEFAULTHTTPPORT)} + flHosts := docker.ListOpts{fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)} flag.Var(&flHosts, "H", "tcp://host:port to bind/connect to or unix://path/to/socket to use") flag.Parse() if len(flHosts) > 1 { diff --git a/docs/sources/api/docker_remote_api.rst b/docs/sources/api/docker_remote_api.rst index 3be02141c0..7e4b674348 100644 --- a/docs/sources/api/docker_remote_api.rst +++ b/docs/sources/api/docker_remote_api.rst @@ -15,7 +15,7 @@ Docker Remote API ===================== - The Remote API is replacing rcli -- Default port in the docker daemon is 4243 +- By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon - The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr