// Source: github.com/demonoid81/moby@v0.0.0-20200517203328-62dd8e17c460/daemon/config/config_unix.go

// +build linux freebsd

package config // import "github.com/demonoid81/moby/daemon/config"

import (
	"fmt"

	containertypes "github.com/demonoid81/moby/api/types/container"
	"github.com/demonoid81/moby/opts"
	units "github.com/docker/go-units"
)

const (
	// DefaultIpcMode is the IPC mode used for a container when none is set
	// otherwise. Its value, "private", is one of the two modes that
	// verifyDefaultIpcMode accepts as a daemon-wide default.
	DefaultIpcMode = "private"
)

// Config defines the configuration of a docker daemon.
// It includes json tags to deserialize configuration from a file
// using the same names that the flags in the command line uses.
//
// Judging by their names and json keys, several platform-specific fields are
// daemon-wide isolation defaults: EnableSelinuxSupport ("selinux-enabled"),
// RemappedRoot ("userns-remap"), SeccompProfile ("seccomp-profile"),
// NoNewPrivileges ("no-new-privileges"), IpcMode ("default-ipc-mode"),
// CgroupNamespaceMode ("default-cgroupns-mode") and Rootless ("rootless").
//
// Within this file only IpcMode and CgroupNamespaceMode are checked, by
// ValidatePlatformConfig. The path-valued fields (InitPath, SeccompProfile,
// ResolvConf) receive no validation here.
// NOTE(review): whether those paths, and the boolean hardening switches whose
// zero value is false, are validated or defaulted elsewhere is not visible
// from this file; confirm before relying on them.
type Config struct {
	CommonConfig

	// These fields are common to all unix platforms.
	CommonUnixConfig
	// Fields below here are platform specific.
	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
	RemappedRoot         string                   `json:"userns-remap,omitempty"`
	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
	Init                 bool                     `json:"init,omitempty"`
	InitPath             string                   `json:"init-path,omitempty"`
	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
	ShmSize              opts.MemBytes            `json:"default-shm-size,omitempty"`
	NoNewPrivileges      bool                     `json:"no-new-privileges,omitempty"`
	IpcMode              string                   `json:"default-ipc-mode,omitempty"`
	CgroupNamespaceMode  string                   `json:"default-cgroupns-mode,omitempty"`
	// ResolvConf is the path to the configuration of the host resolver
	ResolvConf string `json:"resolv-conf,omitempty"`
	Rootless   bool   `json:"rootless,omitempty"`
}

// BridgeConfig stores all the bridge driver specific
// configuration.
//
// NOTE(review): by name, EnableIPTables, EnableIPForward, EnableIPMasq and
// EnableUserlandProxy control how the daemon touches host networking; nothing
// in this file validates them or UserlandProxyPath.
type BridgeConfig struct {
	commonBridgeConfig

	// Shared by every unix platform.
	commonUnixBridgeConfig

	// Everything from here on is platform specific.
	EnableIPv6          bool   `json:"ipv6,omitempty"`
	EnableIPTables      bool   `json:"iptables,omitempty"`
	EnableIPForward     bool   `json:"ip-forward,omitempty"`
	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
}

// IsSwarmCompatible reports whether swarm mode can be enabled with this
// configuration. It returns an error when a cluster store or cluster
// advertise address is configured, or when live restore is enabled, and nil
// otherwise.
func (conf *Config) IsSwarmCompatible() error {
	switch {
	case conf.ClusterStore != "" || conf.ClusterAdvertise != "":
		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
	case conf.LiveRestoreEnabled:
		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
	}
	return nil
}

// verifyDefaultIpcMode checks that mode may serve as the daemon-wide default
// IPC mode. The value must pass IpcMode.Valid and must additionally be empty,
// private or shareable; any other mode that Valid accepts is still refused as
// a default.
func verifyDefaultIpcMode(mode string) error {
	const hint = "Use \"shareable\" or \"private\"."

	ipc := containertypes.IpcMode(mode)
	switch {
	case !ipc.Valid():
		return fmt.Errorf("Default IPC mode setting (%v) is invalid. "+hint, ipc)
	case ipc == "" || ipc.IsPrivate() || ipc.IsShareable():
		// Unset, or one of the two modes allowed as a default.
		return nil
	default:
		return fmt.Errorf("IPC mode \"%v\" is not supported as default value. "+hint, ipc)
	}
}

// verifyDefaultCgroupNsMode checks that mode is a value CgroupnsMode.Valid
// accepts. Unlike the IPC check there is no further narrowing, so every valid
// mode is allowed as the daemon-wide default.
// NOTE(review): the error hint lists "host" as acceptable, so a default that
// does not give containers a private cgroup namespace passes this check;
// confirm that matches the deployment's isolation requirements.
func verifyDefaultCgroupNsMode(mode string) error {
	if cgroupNs := containertypes.CgroupnsMode(mode); !cgroupNs.Valid() {
		return fmt.Errorf("Default cgroup namespace mode (%v) is invalid. Use \"host\" or \"private\".", cgroupNs) // nolint: golint
	}
	return nil
}

// ValidatePlatformConfig reports an error when a platform-specific setting is
// invalid. It checks the default IPC mode first and the default cgroup
// namespace mode second; no other field is examined.
func (conf *Config) ValidatePlatformConfig() error {
	// The IPC mode is checked first, so its error wins when both are invalid.
	ipcErr := verifyDefaultIpcMode(conf.IpcMode)
	if ipcErr != nil {
		return ipcErr
	}
	return verifyDefaultCgroupNsMode(conf.CgroupNamespaceMode)
}

// IsRootless reports the value of the Rootless field exactly as configured.
func (conf *Config) IsRootless() bool {
	return conf.Rootless
}