github.com/hms58/moby@v1.13.1/runconfig/hostconfig_unix.go (about)

     1  // +build !windows,!solaris
     2  
     3  package runconfig
     4  
     5  import (
     6  	"fmt"
     7  	"runtime"
     8  	"strings"
     9  
    10  	"github.com/docker/docker/api/types/container"
    11  	"github.com/docker/docker/pkg/sysinfo"
    12  )
    13  
    14  // DefaultDaemonNetworkMode returns the default network stack the daemon should
    15  // use.
    16  func DefaultDaemonNetworkMode() container.NetworkMode {
    17  	return container.NetworkMode("bridge")
    18  }
    19  
    20  // IsPreDefinedNetwork indicates if a network is predefined by the daemon
    21  func IsPreDefinedNetwork(network string) bool {
    22  	n := container.NetworkMode(network)
    23  	return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() || network == "ingress"
    24  }
    25  
    26  // ValidateNetMode ensures that the various combinations of requested
    27  // network settings are valid.
    28  func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
    29  	// We may not be passed a host config, such as in the case of docker commit
    30  	if hc == nil {
    31  		return nil
    32  	}
    33  	parts := strings.Split(string(hc.NetworkMode), ":")
    34  	if parts[0] == "container" {
    35  		if len(parts) < 2 || parts[1] == "" {
    36  			return fmt.Errorf("--net: invalid net mode: invalid container format container:<name|id>")
    37  		}
    38  	}
    39  
    40  	if hc.NetworkMode.IsContainer() && c.Hostname != "" {
    41  		return ErrConflictNetworkHostname
    42  	}
    43  
    44  	if hc.UTSMode.IsHost() && c.Hostname != "" {
    45  		return ErrConflictUTSHostname
    46  	}
    47  
    48  	if hc.NetworkMode.IsHost() && len(hc.Links) > 0 {
    49  		return ErrConflictHostNetworkAndLinks
    50  	}
    51  
    52  	if hc.NetworkMode.IsContainer() && len(hc.Links) > 0 {
    53  		return ErrConflictContainerNetworkAndLinks
    54  	}
    55  
    56  	if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 {
    57  		return ErrConflictNetworkAndDNS
    58  	}
    59  
    60  	if hc.NetworkMode.IsContainer() && len(hc.ExtraHosts) > 0 {
    61  		return ErrConflictNetworkHosts
    62  	}
    63  
    64  	if (hc.NetworkMode.IsContainer() || hc.NetworkMode.IsHost()) && c.MacAddress != "" {
    65  		return ErrConflictContainerNetworkAndMac
    66  	}
    67  
    68  	if hc.NetworkMode.IsContainer() && (len(hc.PortBindings) > 0 || hc.PublishAllPorts == true) {
    69  		return ErrConflictNetworkPublishPorts
    70  	}
    71  
    72  	if hc.NetworkMode.IsContainer() && len(c.ExposedPorts) > 0 {
    73  		return ErrConflictNetworkExposePorts
    74  	}
    75  	return nil
    76  }
    77  
    78  // ValidateIsolation performs platform specific validation of
    79  // isolation in the hostconfig structure. Linux only supports "default"
    80  // which is LXC container isolation
    81  func ValidateIsolation(hc *container.HostConfig) error {
    82  	// We may not be passed a host config, such as in the case of docker commit
    83  	if hc == nil {
    84  		return nil
    85  	}
    86  	if !hc.Isolation.IsValid() {
    87  		return fmt.Errorf("invalid --isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS)
    88  	}
    89  	return nil
    90  }
    91  
    92  // ValidateQoS performs platform specific validation of the QoS settings
    93  func ValidateQoS(hc *container.HostConfig) error {
    94  	// We may not be passed a host config, such as in the case of docker commit
    95  	if hc == nil {
    96  		return nil
    97  	}
    98  
    99  	if hc.IOMaximumBandwidth != 0 {
   100  		return fmt.Errorf("invalid QoS settings: %s does not support --io-maxbandwidth", runtime.GOOS)
   101  	}
   102  
   103  	if hc.IOMaximumIOps != 0 {
   104  		return fmt.Errorf("invalid QoS settings: %s does not support --io-maxiops", runtime.GOOS)
   105  	}
   106  	return nil
   107  }
   108  
   109  // ValidateResources performs platform specific validation of the resource settings
   110  // cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice
   111  func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
   112  	// We may not be passed a host config, such as in the case of docker commit
   113  	if hc == nil {
   114  		return nil
   115  	}
   116  
   117  	if hc.Resources.CPURealtimePeriod > 0 && !si.CPURealtimePeriod {
   118  		return fmt.Errorf("invalid --cpu-rt-period: Your kernel does not support cgroup rt period")
   119  	}
   120  
   121  	if hc.Resources.CPURealtimeRuntime > 0 && !si.CPURealtimeRuntime {
   122  		return fmt.Errorf("invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime")
   123  	}
   124  
   125  	if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod {
   126  		return fmt.Errorf("invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period")
   127  	}
   128  	return nil
   129  }