github.com/jandre/docker@v1.7.0/contrib/check-config.sh (about) 1 #!/usr/bin/env bash 2 set -e 3 4 # bits of this were adapted from lxc-checkconfig 5 # see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in 6 7 possibleConfigs=( 8 '/proc/config.gz' 9 "/boot/config-$(uname -r)" 10 "/usr/src/linux-$(uname -r)/.config" 11 '/usr/src/linux/.config' 12 ) 13 14 if [ $# -gt 0 ]; then 15 CONFIG="$1" 16 else 17 : ${CONFIG:="${possibleConfigs[0]}"} 18 fi 19 20 if ! command -v zgrep &> /dev/null; then 21 zgrep() { 22 zcat "$2" | grep "$1" 23 } 24 fi 25 26 is_set() { 27 zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null 28 } 29 is_set_in_kernel() { 30 zgrep "CONFIG_$1=y" "$CONFIG" > /dev/null 31 } 32 is_set_as_module() { 33 zgrep "CONFIG_$1=m" "$CONFIG" > /dev/null 34 } 35 36 # see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors 37 declare -A colors=( 38 [black]=30 39 [red]=31 40 [green]=32 41 [yellow]=33 42 [blue]=34 43 [magenta]=35 44 [cyan]=36 45 [white]=37 46 ) 47 color() { 48 color=() 49 if [ "$1" = 'bold' ]; then 50 color+=( '1' ) 51 shift 52 fi 53 if [ $# -gt 0 ] && [ "${colors[$1]}" ]; then 54 color+=( "${colors[$1]}" ) 55 fi 56 local IFS=';' 57 echo -en '\033['"${color[*]}"m 58 } 59 wrap_color() { 60 text="$1" 61 shift 62 color "$@" 63 echo -n "$text" 64 color reset 65 echo 66 } 67 68 wrap_good() { 69 echo "$(wrap_color "$1" white): $(wrap_color "$2" green)" 70 } 71 wrap_bad() { 72 echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)" 73 } 74 wrap_warning() { 75 wrap_color >&2 "$*" red 76 } 77 78 check_flag() { 79 if is_set_in_kernel "$1"; then 80 wrap_good "CONFIG_$1" 'enabled' 81 elif is_set_as_module "$1"; then 82 wrap_good "CONFIG_$1" 'enabled (as module)' 83 else 84 wrap_bad "CONFIG_$1" 'missing' 85 fi 86 } 87 88 check_flags() { 89 for flag in "$@"; do 90 echo "- $(check_flag "$flag")" 91 done 92 } 93 94 check_command() { 95 if command -v "$1" >/dev/null 2>&1; then 96 wrap_good "$1 command" 'available' 97 else 98 wrap_bad "$1 command" 'missing' 99 fi 100 } 101 102 check_device() { 103 if [ -c "$1" ]; then 104 wrap_good "$1" 'present' 105 else 106 wrap_bad "$1" 'missing' 107 fi 108 } 109 110 if [ ! -e "$CONFIG" ]; then 111 wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config..." 112 for tryConfig in "${possibleConfigs[@]}"; do 113 if [ -e "$tryConfig" ]; then 114 CONFIG="$tryConfig" 115 break 116 fi 117 done 118 if [ ! -e "$CONFIG" ]; then 119 wrap_warning "error: cannot find kernel config" 120 wrap_warning " try running this script again, specifying the kernel config:" 121 wrap_warning " CONFIG=/path/to/kernel/.config $0 or $0 /path/to/kernel/.config" 122 exit 1 123 fi 124 fi 125 126 wrap_color "info: reading kernel config from $CONFIG ..." white 127 echo 128 129 echo 'Generally Necessary:' 130 131 echo -n '- ' 132 cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)" 133 cgroupDir="$(dirname "$cgroupSubsystemDir")" 134 if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then 135 echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" 136 else 137 if [ "$cgroupSubsystemDir" ]; then 138 echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" 139 else 140 echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')" 141 fi 142 echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" 143 fi 144 145 if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then 146 echo -n '- ' 147 if command -v apparmor_parser &> /dev/null; then 148 echo "$(wrap_good 'apparmor' 'enabled and tools installed')" 149 else 150 echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')" 151 echo -n ' ' 152 if command -v apt-get &> /dev/null; then 153 echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')" 154 elif command -v yum &> /dev/null; then 155 echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')" 156 else 157 echo "$(wrap_color '(look for an "apparmor" package for your distribution)')" 158 fi 159 fi 160 fi 161 162 flags=( 163 NAMESPACES {NET,PID,IPC,UTS}_NS 164 DEVPTS_MULTIPLE_INSTANCES 165 CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS 166 MACVLAN VETH BRIDGE BRIDGE_NETFILTER 167 NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE 168 NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK} 169 NF_NAT NF_NAT_NEEDED 170 171 # required for bind-mounting /dev/mqueue into containers 172 POSIX_MQUEUE 173 ) 174 check_flags "${flags[@]}" 175 echo 176 177 echo 'Optional Features:' 178 { 179 check_flags MEMCG_SWAP 180 check_flags MEMCG_SWAP_ENABLED 181 if is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then 182 echo " $(wrap_color '(note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black)" 183 fi 184 } 185 flags=( 186 RESOURCE_COUNTERS 187 BLK_CGROUP 188 IOSCHED_CFQ 189 CGROUP_PERF 190 CFS_BANDWIDTH 191 ) 192 check_flags "${flags[@]}" 193 194 echo '- Storage Drivers:' 195 { 196 echo '- "'$(wrap_color 'aufs' blue)'":' 197 check_flags AUFS_FS | sed 's/^/ /' 198 if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then 199 echo " $(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)" 200 fi 201 check_flags EXT4_FS_POSIX_ACL EXT4_FS_SECURITY | sed 's/^/ /' 202 203 echo '- "'$(wrap_color 'btrfs' blue)'":' 204 check_flags BTRFS_FS | sed 's/^/ /' 205 206 echo '- "'$(wrap_color 'devicemapper' blue)'":' 207 check_flags BLK_DEV_DM DM_THIN_PROVISIONING EXT4_FS EXT4_FS_POSIX_ACL EXT4_FS_SECURITY | sed 's/^/ /' 208 209 echo '- "'$(wrap_color 'overlay' blue)'":' 210 check_flags OVERLAY_FS EXT4_FS_SECURITY EXT4_FS_POSIX_ACL | sed 's/^/ /' 211 212 echo '- "'$(wrap_color 'zfs' blue)'":' 213 echo " - $(check_device /dev/zfs)" 214 echo " - $(check_command zfs)" 215 echo " - $(check_command zpool)" 216 } | sed 's/^/ /' 217 echo 218 219 #echo 'Potential Future Features:' 220 #check_flags USER_NS 221 #echo