Google Git
Sign in
fuchsia / third_party / github.com / moby / moby / df9712f1c8039f83497e3c647788dd697f034158^! / .
commitdf9712f1c8039f83497e3c647788dd697f034158[log] [tgz]
authorMichael Crosby <crosby.michael@gmail.com>Mon Aug 05 22:56:02 2013 +0000
committerMichael Crosby <crosby.michael@gmail.com>Fri Aug 09 00:16:43 2013 +0000
treeb8345a130e82b5d58b38199af73a99a03b13cef9
parent5c56b597a9f6d910ee1f22da42f8b9e5d18c678a [diff]
Change daemon to listen on unix socket by default

Conflicts:
	docs/sources/api/docker_remote_api.rst

diff --git a/api.go b/api.go
index 4ad2ba4..221cabe 100644
--- a/api.go
+++ b/api.go

@@ -18,8 +18,9 @@
 )
 
 const APIVERSION = 1.4
-const DEFAULTHTTPHOST string = "127.0.0.1"
-const DEFAULTHTTPPORT int = 4243
+const DEFAULTHTTPHOST = "127.0.0.1"
+const DEFAULTHTTPPORT = 4243
+const DEFAULTUNIXSOCKET = "/var/run/docker.sock"
 
 func hijackServer(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {
 	conn, _, err := w.(http.Hijacker).Hijack()
@@ -972,9 +973,8 @@
 	if e != nil {
 		return e
 	}
-	//as the daemon is launched as root, change to permission of the socket to allow non-root to connect
 	if proto == "unix" {
-		os.Chmod(addr, 0777)
+		os.Chmod(addr, 0700)
 	}
 	httpSrv := http.Server{Addr: addr, Handler: r}
 	return httpSrv.Serve(l)

diff --git a/docker/docker.go b/docker/docker.go
index 2db50bf..8c6b28b 100644
--- a/docker/docker.go
+++ b/docker/docker.go

@@ -33,7 +33,7 @@
 	flGraphPath := flag.String("g", "/var/lib/docker", "Path to graph storage base dir.")
 	flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.")
 	flDns := flag.String("dns", "", "Set custom dns servers")
-	flHosts := docker.ListOpts{fmt.Sprintf("tcp://%s:%d", docker.DEFAULTHTTPHOST, docker.DEFAULTHTTPPORT)}
+	flHosts := docker.ListOpts{fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)}
 	flag.Var(&flHosts, "H", "tcp://host:port to bind/connect to or unix://path/to/socket to use")
 	flag.Parse()
 	if len(flHosts) > 1 {

diff --git a/docs/sources/api/docker_remote_api.rst b/docs/sources/api/docker_remote_api.rst
index 193be50..a1b4cab 100644
--- a/docs/sources/api/docker_remote_api.rst
+++ b/docs/sources/api/docker_remote_api.rst

@@ -15,7 +15,7 @@
 =====================
 
 - The Remote API is replacing rcli
-- Default port in the docker deamon is 4243 
+- By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon
 - The API tends to be REST, but for some complex commands, like attach
   or pull, the HTTP connection is hijacked to transport stdout stdin
   and stderr