github.com/Heebron/moby@v0.0.0-20221111184709-6eab4f55faf7/daemon/config/config_linux.go (about) 1 package config // import "github.com/docker/docker/daemon/config" 2 3 import ( 4 "fmt" 5 "net" 6 "os/exec" 7 "path/filepath" 8 9 "github.com/containerd/cgroups" 10 "github.com/docker/docker/api/types" 11 "github.com/docker/docker/api/types/container" 12 "github.com/docker/docker/opts" 13 "github.com/docker/docker/pkg/homedir" 14 "github.com/docker/docker/rootless" 15 units "github.com/docker/go-units" 16 "github.com/pkg/errors" 17 ) 18 19 const ( 20 // DefaultIpcMode is default for container's IpcMode, if not set otherwise 21 DefaultIpcMode = container.IPCModePrivate 22 23 // DefaultCgroupNamespaceMode is the default mode for containers cgroup namespace when using cgroups v2. 24 DefaultCgroupNamespaceMode = container.CgroupnsModePrivate 25 26 // DefaultCgroupV1NamespaceMode is the default mode for containers cgroup namespace when using cgroups v1. 27 DefaultCgroupV1NamespaceMode = container.CgroupnsModeHost 28 29 // StockRuntimeName is the reserved name/alias used to represent the 30 // OCI runtime being shipped with the docker daemon package. 31 StockRuntimeName = "runc" 32 ) 33 34 // BridgeConfig stores all the bridge driver specific 35 // configuration. 36 type BridgeConfig struct { 37 commonBridgeConfig 38 39 // Fields below here are platform specific. 40 DefaultIP net.IP `json:"ip,omitempty"` 41 IP string `json:"bip,omitempty"` 42 DefaultGatewayIPv4 net.IP `json:"default-gateway,omitempty"` 43 DefaultGatewayIPv6 net.IP `json:"default-gateway-v6,omitempty"` 44 InterContainerCommunication bool `json:"icc,omitempty"` 45 46 EnableIPv6 bool `json:"ipv6,omitempty"` 47 EnableIPTables bool `json:"iptables,omitempty"` 48 EnableIP6Tables bool `json:"ip6tables,omitempty"` 49 EnableIPForward bool `json:"ip-forward,omitempty"` 50 EnableIPMasq bool `json:"ip-masq,omitempty"` 51 EnableUserlandProxy bool `json:"userland-proxy,omitempty"` 52 UserlandProxyPath string `json:"userland-proxy-path,omitempty"` 53 FixedCIDRv6 string `json:"fixed-cidr-v6,omitempty"` 54 } 55 56 // Config defines the configuration of a docker daemon. 57 // It includes json tags to deserialize configuration from a file 58 // using the same names that the flags in the command line uses. 59 type Config struct { 60 CommonConfig 61 62 // Fields below here are platform specific. 63 Runtimes map[string]types.Runtime `json:"runtimes,omitempty"` 64 DefaultInitBinary string `json:"default-init,omitempty"` 65 CgroupParent string `json:"cgroup-parent,omitempty"` 66 EnableSelinuxSupport bool `json:"selinux-enabled,omitempty"` 67 RemappedRoot string `json:"userns-remap,omitempty"` 68 Ulimits map[string]*units.Ulimit `json:"default-ulimits,omitempty"` 69 CPURealtimePeriod int64 `json:"cpu-rt-period,omitempty"` 70 CPURealtimeRuntime int64 `json:"cpu-rt-runtime,omitempty"` 71 OOMScoreAdjust int `json:"oom-score-adjust,omitempty"` 72 Init bool `json:"init,omitempty"` 73 InitPath string `json:"init-path,omitempty"` 74 SeccompProfile string `json:"seccomp-profile,omitempty"` 75 ShmSize opts.MemBytes `json:"default-shm-size,omitempty"` 76 NoNewPrivileges bool `json:"no-new-privileges,omitempty"` 77 IpcMode string `json:"default-ipc-mode,omitempty"` 78 CgroupNamespaceMode string `json:"default-cgroupns-mode,omitempty"` 79 // ResolvConf is the path to the configuration of the host resolver 80 ResolvConf string `json:"resolv-conf,omitempty"` 81 Rootless bool `json:"rootless,omitempty"` 82 } 83 84 // GetRuntime returns the runtime path and arguments for a given 85 // runtime name 86 func (conf *Config) GetRuntime(name string) *types.Runtime { 87 conf.Lock() 88 defer conf.Unlock() 89 if rt, ok := conf.Runtimes[name]; ok { 90 return &rt 91 } 92 return nil 93 } 94 95 // GetAllRuntimes returns a copy of the runtimes map 96 func (conf *Config) GetAllRuntimes() map[string]types.Runtime { 97 conf.Lock() 98 rts := conf.Runtimes 99 conf.Unlock() 100 return rts 101 } 102 103 // GetExecRoot returns the user configured Exec-root 104 func (conf *Config) GetExecRoot() string { 105 return conf.ExecRoot 106 } 107 108 // GetInitPath returns the configured docker-init path 109 func (conf *Config) GetInitPath() string { 110 conf.Lock() 111 defer conf.Unlock() 112 if conf.InitPath != "" { 113 return conf.InitPath 114 } 115 if conf.DefaultInitBinary != "" { 116 return conf.DefaultInitBinary 117 } 118 return DefaultInitBinary 119 } 120 121 // GetResolvConf returns the appropriate resolv.conf 122 // Check setupResolvConf on how this is selected 123 func (conf *Config) GetResolvConf() string { 124 return conf.ResolvConf 125 } 126 127 // IsSwarmCompatible defines if swarm mode can be enabled in this config 128 func (conf *Config) IsSwarmCompatible() error { 129 if conf.LiveRestoreEnabled { 130 return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode") 131 } 132 return nil 133 } 134 135 func verifyDefaultIpcMode(mode string) error { 136 const hint = `use "shareable" or "private"` 137 138 dm := container.IpcMode(mode) 139 if !dm.Valid() { 140 return fmt.Errorf("default IPC mode setting (%v) is invalid; "+hint, dm) 141 } 142 if dm != "" && !dm.IsPrivate() && !dm.IsShareable() { 143 return fmt.Errorf(`IPC mode "%v" is not supported as default value; `+hint, dm) 144 } 145 return nil 146 } 147 148 func verifyDefaultCgroupNsMode(mode string) error { 149 cm := container.CgroupnsMode(mode) 150 if !cm.Valid() { 151 return fmt.Errorf(`default cgroup namespace mode (%v) is invalid; use "host" or "private"`, cm) 152 } 153 154 return nil 155 } 156 157 // ValidatePlatformConfig checks if any platform-specific configuration settings are invalid. 158 func (conf *Config) ValidatePlatformConfig() error { 159 if err := verifyDefaultIpcMode(conf.IpcMode); err != nil { 160 return err 161 } 162 163 return verifyDefaultCgroupNsMode(conf.CgroupNamespaceMode) 164 } 165 166 // IsRootless returns conf.Rootless on Linux but false on Windows 167 func (conf *Config) IsRootless() bool { 168 return conf.Rootless 169 } 170 171 func setPlatformDefaults(cfg *Config) error { 172 cfg.Ulimits = make(map[string]*units.Ulimit) 173 cfg.ShmSize = opts.MemBytes(DefaultShmSize) 174 cfg.SeccompProfile = SeccompProfileDefault 175 cfg.IpcMode = string(DefaultIpcMode) 176 cfg.Runtimes = make(map[string]types.Runtime) 177 178 if cgroups.Mode() != cgroups.Unified { 179 cfg.CgroupNamespaceMode = string(DefaultCgroupV1NamespaceMode) 180 } else { 181 cfg.CgroupNamespaceMode = string(DefaultCgroupNamespaceMode) 182 } 183 184 if rootless.RunningWithRootlessKit() { 185 cfg.Rootless = true 186 187 var err error 188 // use rootlesskit-docker-proxy for exposing the ports in RootlessKit netns to the initial namespace. 189 cfg.BridgeConfig.UserlandProxyPath, err = exec.LookPath(rootless.RootlessKitDockerProxyBinary) 190 if err != nil { 191 return errors.Wrapf(err, "running with RootlessKit, but %s not installed", rootless.RootlessKitDockerProxyBinary) 192 } 193 194 dataHome, err := homedir.GetDataHome() 195 if err != nil { 196 return err 197 } 198 runtimeDir, err := homedir.GetRuntimeDir() 199 if err != nil { 200 return err 201 } 202 203 cfg.Root = filepath.Join(dataHome, "docker") 204 cfg.ExecRoot = filepath.Join(runtimeDir, "docker") 205 cfg.Pidfile = filepath.Join(runtimeDir, "docker.pid") 206 } else { 207 cfg.Root = "/var/lib/docker" 208 cfg.ExecRoot = "/var/run/docker" 209 cfg.Pidfile = "/var/run/docker.pid" 210 } 211 212 return nil 213 }