unique debugger pin in Docker containers

pallets · May 14, 2019 · 00bc43b · 00bc43b
1 parent 2cbdf2b
commit 00bc43b
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -20,6 +20,8 @@ Unreleased
     (:issue:`1510`)
 -   The debugger detects cycles in chained exceptions and does not time
     out in that case. (:issue:`1536`)
+-   When running the development server in Docker, the debugger security
+    pin is now unique per container.
 
 
 Version 0.15.2

diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
@@ -67,6 +67,19 @@ def get_machine_id():
         return rv
 
     def _generate():
+        # docker containers share the same machine id, get the
+        # container id instead
+        try:
+            with open("/proc/self/cgroup") as f:
+                value = f.readline()
+        except IOError:
+            pass
+        else:
+            value = value.strip().partition("/docker/")[2]
+
+            if value:
+                return value
+
         # Potential sources of secret information on linux.  The machine-id
         # is stable across boots, the boot id is not
         for filename in "/etc/machine-id", "/proc/sys/kernel/random/boot_id":