From 5503affa44d083e0a78f6117f1fd0b19eaec0e6a Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Mon, 24 Feb 2025 16:23:58 -0500
Subject: [PATCH] Fix: Don't autostart containers on host network with TS
 enabled

---
 .../scripts/docker_init                       | 33 ++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/scripts/docker_init b/emhttp/plugins/dynamix.docker.manager/scripts/docker_init
index 27e7b363a..71c2a70a2 100755
--- a/emhttp/plugins/dynamix.docker.manager/scripts/docker_init
+++ b/emhttp/plugins/dynamix.docker.manager/scripts/docker_init
@@ -1,2 +1,33 @@
-#!/bin/bash
+#!/usr/bin/php
+<?
 # Invoked after docker image loopback mounted but before docker is started
+$autostart = @file("/var/lib/docker/unraid-autostart",FILE_IGNORE_NEW_LINES);
+if ( ! $autostart ) exit();
+
+$newAuto = [];
+foreach ($autostart as $container) {
+  if (! trim($container) ) continue;
+
+  $cont = explode(" ",$container);
+  if ( ! is_file("/boot/config/plugins/dockerMan/templates-user/my-{$cont[0]}.xml")) {
+    $newAuto[] = $container;
+    continue;
+  }
+    
+  $doc = new DOMDocument();
+  $doc->load("/boot/config/plugins/dockerMan/templates-user/my-{$cont[0]}.xml");   
+  if ( ! $doc ) {
+    $newAuto[] = $container;
+    continue;
+  }
+  if ( ($doc->getElementsByTagName("Network")->item(0)->nodeValue ?? false) == "host" ) {
+    if ( ($doc->getElementsByTagName("TailscaleEnabled")->item(0)->nodeValue ?? false) == true ) {
+      exec("logger ".escapeshellarg("Autostart disabled on {$cont[0]} due to tailscale integration with host network."));
+      exec("logger ".escapeshellarg("This is a security risk due to the possibility of unauthenticated access to your server's GUI and resources"));
+      continue;           
+    }
+  }
+  $newAuto[] = $container;
+}
+file_put_contents("/var/lib/docker/unraid-autostart",implode("\n",$newAuto));
+?>