This repository was archived by the owner on Oct 16, 2020. It is now read-only.
This repository was archived by the owner on Oct 16, 2020. It is now read-only.
containerd listens on port 10010 on public interface #2524
Description
Issue Report
On stable Container Linux release, 'containerd' service listens on port 10010 on public interface and cannot be modified/disabled.
This port could be used from other containers or abused from the network.
Bug
Related to this:
moby/moby#37507
containerd/containerd#2483 (comment)
Container Linux Version
Latest (1911) and previous (1855) stable Container Linux release.
As Docker version is the same, probably issue is present also on Beta and Alpha.
$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1855.5.0
VERSION_ID=1855.5.0
BUILD_ID=2018-10-22-2305
PRETTY_NAME="Container Linux by CoreOS 1855.5.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"
Environment
N/A
Expected Behavior
Service should be disabled or listen on localhost
Actual Behavior
Service listens on public IP and cannot be disabled
Reproduction Steps
- Fresh install of Container Linux
- Look at:
$ sudo netstat -anp | grep 10010
tcp 0 0 10.57.0.236:10010 0.0.0.0:* LISTEN 871/containerd
Other Information
Bug should be fixed in Docker 18.06.1 but it is still present on Container Linux