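// Listing: github.com/docker/engine@v22.0.0-20211208180946-d456264580cf+incompatible/daemon/config/config_linux.go

package config // import "github.com/docker/docker/daemon/config"

import (
	"fmt"
	"net"

	"github.com/docker/docker/api/types"
	containertypes "github.com/docker/docker/api/types/container"
	"github.com/docker/docker/opts"
	units "github.com/docker/go-units"
)

const (
	// DefaultIpcMode is default for container's IpcMode, if not set otherwise
	DefaultIpcMode = containertypes.IPCModePrivate

	// DefaultCgroupNamespaceMode is the default mode for containers cgroup namespace when using cgroups v2.
	DefaultCgroupNamespaceMode = containertypes.CgroupnsModePrivate

	// DefaultCgroupV1NamespaceMode is the default mode for containers cgroup namespace when using cgroups v1.
	// Unlike the cgroups v2 default above, this one is the "host" mode
	// constant rather than the "private" one.
	DefaultCgroupV1NamespaceMode = containertypes.CgroupnsModeHost

	// StockRuntimeName is the reserved name/alias used to represent the
	// OCI runtime being shipped with the docker daemon package.
	StockRuntimeName = "runc"
)

// BridgeConfig stores all the bridge driver specific
// configuration.
type BridgeConfig struct {
	commonBridgeConfig

	// Fields below here are platform specific.
	DefaultIP                   net.IP `json:"ip,omitempty"`
	IP                          string `json:"bip,omitempty"`
	DefaultGatewayIPv4          net.IP `json:"default-gateway,omitempty"`
	DefaultGatewayIPv6          net.IP `json:"default-gateway-v6,omitempty"`
	InterContainerCommunication bool   `json:"icc,omitempty"`

	EnableIPv6          bool   `json:"ipv6,omitempty"`
	EnableIPTables      bool   `json:"iptables,omitempty"`
	EnableIP6Tables     bool   `json:"ip6tables,omitempty"`
	EnableIPForward     bool   `json:"ip-forward,omitempty"`
	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
}

// Config defines the configuration of a docker daemon.
// It includes json tags to deserialize configuration from a file
// using the same names that the flags in the command line uses.
//
// Several platform fields carry security-relevant daemon-wide defaults
// (selinux-enabled, userns-remap, seccomp-profile, no-new-privileges,
// default-ipc-mode, default-cgroupns-mode, rootless). Of these, this file
// validates only the IPC and cgroup namespace modes; see
// ValidatePlatformConfig.
type Config struct {
	CommonConfig

	// Fields below here are platform specific.
	Runtimes             map[string]types.Runtime `json:"runtimes,omitempty"`
	DefaultInitBinary    string                   `json:"default-init,omitempty"`
	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
	RemappedRoot         string                   `json:"userns-remap,omitempty"`
	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
	Init                 bool                     `json:"init,omitempty"`
	InitPath             string                   `json:"init-path,omitempty"`
	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
	ShmSize              opts.MemBytes            `json:"default-shm-size,omitempty"`
	NoNewPrivileges      bool                     `json:"no-new-privileges,omitempty"`
	IpcMode              string                   `json:"default-ipc-mode,omitempty"`
	CgroupNamespaceMode  string                   `json:"default-cgroupns-mode,omitempty"`
	// ResolvConf is the path to the configuration of the host resolver
	ResolvConf string `json:"resolv-conf,omitempty"`
	Rootless   bool   `json:"rootless,omitempty"`
}

// GetRuntime returns the runtime path and arguments for a given
// runtime name, or nil when no runtime is registered under that name.
//
// The lookup runs under the config lock. The returned pointer refers to a
// copy of the map value, so assigning to its fields does not change the
// entry stored in conf.Runtimes. The copy is shallow: any slice or pointer
// fields inside types.Runtime would still share storage with the entry.
func (conf *Config) GetRuntime(name string) *types.Runtime {
	conf.Lock()
	defer conf.Unlock()
	if rt, ok := conf.Runtimes[name]; ok {
		return &rt
	}
	return nil
}

// GetAllRuntimes returns a copy of the runtimes map.
//
// The copy is taken while holding the config lock. Handing out the live
// map would let callers read or modify the daemon's runtime table (runtime
// name to runtime definition) outside the lock. A nil map is returned as
// nil so callers that distinguish nil from empty see no difference. Values
// are copied shallowly.
func (conf *Config) GetAllRuntimes() map[string]types.Runtime {
	conf.Lock()
	defer conf.Unlock()
	if conf.Runtimes == nil {
		return nil
	}
	rts := make(map[string]types.Runtime, len(conf.Runtimes))
	for name, rt := range conf.Runtimes {
		rts[name] = rt
	}
	return rts
}

// GetExecRoot returns the user configured Exec-root
//
// NOTE(review): unlike GetRuntime and GetInitPath this read does not take
// the config lock; confirm ExecRoot cannot change after startup.
func (conf *Config) GetExecRoot() string {
	return conf.ExecRoot
}

// GetInitPath returns the configured docker-init path.
//
// Precedence, evaluated under the config lock: the InitPath field, then the
// DefaultInitBinary field, then the package-level DefaultInitBinary
// (declared outside this file). No check is made here that the chosen
// path exists or is executable.
func (conf *Config) GetInitPath() string {
	conf.Lock()
	defer conf.Unlock()
	if conf.InitPath != "" {
		return conf.InitPath
	}
	if conf.DefaultInitBinary != "" {
		return conf.DefaultInitBinary
	}
	return DefaultInitBinary
}

// GetResolvConf returns the appropriate resolv.conf
// Check setupResolvConf on how this is selected
//
// NOTE(review): read without the config lock; confirm ResolvConf is not
// changed on reload.
func (conf *Config) GetResolvConf() string {
	return conf.ResolvConf
}

// IsSwarmCompatible defines if swarm mode can be enabled in this config.
// It returns an error when a cluster store or cluster advertise address is
// set, or when live restore is enabled, and nil otherwise.
func (conf *Config) IsSwarmCompatible() error {
	if conf.ClusterStore != "" || conf.ClusterAdvertise != "" {
		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
	}
	if conf.LiveRestoreEnabled {
		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
	}
	return nil
}

// verifyDefaultIpcMode checks that mode is acceptable as the daemon-wide
// default IPC mode.
//
// The value must pass IpcMode.Valid and, unless it is empty, must be
// private or shareable. Any other mode that Valid accepts for an individual
// container is rejected here, so it cannot be made the default for every
// container through the daemon configuration.
func verifyDefaultIpcMode(mode string) error {
	const hint = `use "shareable" or "private"`

	dm := containertypes.IpcMode(mode)
	if !dm.Valid() {
		return fmt.Errorf("default IPC mode setting (%v) is invalid; "+hint, dm)
	}
	if dm != "" && !dm.IsPrivate() && !dm.IsShareable() {
		return fmt.Errorf(`IPC mode "%v" is not supported as default value; `+hint, dm)
	}
	return nil
}

// verifyDefaultCgroupNsMode checks that mode is a cgroup namespace mode
// accepted by CgroupnsMode.Valid. Whether the empty string passes depends
// on Valid, which is defined outside this file.
func verifyDefaultCgroupNsMode(mode string) error {
	cm := containertypes.CgroupnsMode(mode)
	if !cm.Valid() {
		return fmt.Errorf(`default cgroup namespace mode (%v) is invalid; use "host" or "private"`, cm)
	}

	return nil
}

// ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.
//
// Only the default IPC mode and the default cgroup namespace mode are
// checked. Path-valued settings such as SeccompProfile, InitPath and the
// Runtimes entries are not validated by this function.
func (conf *Config) ValidatePlatformConfig() error {
	if err := verifyDefaultIpcMode(conf.IpcMode); err != nil {
		return err
	}

	return verifyDefaultCgroupNsMode(conf.CgroupNamespaceMode)
}

// IsRootless returns conf.Rootless on Linux but false on Windows
func (conf *Config) IsRootless() bool {
	return conf.Rootless
}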