github.com/guilhermebr/docker@v1.4.2-0.20150428121140-67da055cebca/pkg/sysinfo/sysinfo.go (about) 1 package sysinfo 2 3 import ( 4 "io/ioutil" 5 "os" 6 "path" 7 8 "github.com/Sirupsen/logrus" 9 "github.com/docker/libcontainer/cgroups" 10 ) 11 12 // SysInfo stores information about which features a kernel supports. 13 type SysInfo struct { 14 MemoryLimit bool 15 SwapLimit bool 16 CpuCfsQuota bool 17 IPv4ForwardingDisabled bool 18 AppArmor bool 19 } 20 21 // New returns a new SysInfo, using the filesystem to detect which features the kernel supports. 22 func New(quiet bool) *SysInfo { 23 sysInfo := &SysInfo{} 24 if cgroupMemoryMountpoint, err := cgroups.FindCgroupMountpoint("memory"); err != nil { 25 if !quiet { 26 logrus.Warnf("Your kernel does not support cgroup memory limit: %v", err) 27 } 28 } else { 29 // If memory cgroup is mounted, MemoryLimit is always enabled. 30 sysInfo.MemoryLimit = true 31 32 _, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes")) 33 sysInfo.SwapLimit = err1 == nil 34 if !sysInfo.SwapLimit && !quiet { 35 logrus.Warn("Your kernel does not support swap memory limit.") 36 } 37 } 38 39 if cgroupCpuMountpoint, err := cgroups.FindCgroupMountpoint("cpu"); err != nil { 40 if !quiet { 41 logrus.Warnf("%v", err) 42 } 43 } else { 44 _, err1 := ioutil.ReadFile(path.Join(cgroupCpuMountpoint, "cpu.cfs_quota_us")) 45 sysInfo.CpuCfsQuota = err1 == nil 46 if !sysInfo.CpuCfsQuota && !quiet { 47 logrus.Warn("Your kernel does not support cgroup cfs quotas") 48 } 49 } 50 51 // Check if AppArmor is supported. 52 if _, err := os.Stat("/sys/kernel/security/apparmor"); os.IsNotExist(err) { 53 sysInfo.AppArmor = false 54 } else { 55 sysInfo.AppArmor = true 56 } 57 58 // Check if Devices cgroup is mounted, it is hard requirement for container security. 59 if _, err := cgroups.FindCgroupMountpoint("devices"); err != nil { 60 logrus.Fatalf("Error mounting devices cgroup: %v", err) 61 } 62 63 return sysInfo 64 }