github.com/jingleWang/moby@v1.13.1/runconfig/hostconfig_unix.go (about) 1 // +build !windows,!solaris 2 3 package runconfig 4 5 import ( 6 "fmt" 7 "runtime" 8 "strings" 9 10 "github.com/docker/docker/api/types/container" 11 "github.com/docker/docker/pkg/sysinfo" 12 ) 13 14 // DefaultDaemonNetworkMode returns the default network stack the daemon should 15 // use. 16 func DefaultDaemonNetworkMode() container.NetworkMode { 17 return container.NetworkMode("bridge") 18 } 19 20 // IsPreDefinedNetwork indicates if a network is predefined by the daemon 21 func IsPreDefinedNetwork(network string) bool { 22 n := container.NetworkMode(network) 23 return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() || network == "ingress" 24 } 25 26 // ValidateNetMode ensures that the various combinations of requested 27 // network settings are valid. 28 func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { 29 // We may not be passed a host config, such as in the case of docker commit 30 if hc == nil { 31 return nil 32 } 33 parts := strings.Split(string(hc.NetworkMode), ":") 34 if parts[0] == "container" { 35 if len(parts) < 2 || parts[1] == "" { 36 return fmt.Errorf("--net: invalid net mode: invalid container format container:<name|id>") 37 } 38 } 39 40 if hc.NetworkMode.IsContainer() && c.Hostname != "" { 41 return ErrConflictNetworkHostname 42 } 43 44 if hc.UTSMode.IsHost() && c.Hostname != "" { 45 return ErrConflictUTSHostname 46 } 47 48 if hc.NetworkMode.IsHost() && len(hc.Links) > 0 { 49 return ErrConflictHostNetworkAndLinks 50 } 51 52 if hc.NetworkMode.IsContainer() && len(hc.Links) > 0 { 53 return ErrConflictContainerNetworkAndLinks 54 } 55 56 if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 { 57 return ErrConflictNetworkAndDNS 58 } 59 60 if hc.NetworkMode.IsContainer() && len(hc.ExtraHosts) > 0 { 61 return ErrConflictNetworkHosts 62 } 63 64 if (hc.NetworkMode.IsContainer() || hc.NetworkMode.IsHost()) && c.MacAddress != "" { 65 return ErrConflictContainerNetworkAndMac 66 } 67 68 if hc.NetworkMode.IsContainer() && (len(hc.PortBindings) > 0 || hc.PublishAllPorts == true) { 69 return ErrConflictNetworkPublishPorts 70 } 71 72 if hc.NetworkMode.IsContainer() && len(c.ExposedPorts) > 0 { 73 return ErrConflictNetworkExposePorts 74 } 75 return nil 76 } 77 78 // ValidateIsolation performs platform specific validation of 79 // isolation in the hostconfig structure. Linux only supports "default" 80 // which is LXC container isolation 81 func ValidateIsolation(hc *container.HostConfig) error { 82 // We may not be passed a host config, such as in the case of docker commit 83 if hc == nil { 84 return nil 85 } 86 if !hc.Isolation.IsValid() { 87 return fmt.Errorf("invalid --isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS) 88 } 89 return nil 90 } 91 92 // ValidateQoS performs platform specific validation of the QoS settings 93 func ValidateQoS(hc *container.HostConfig) error { 94 // We may not be passed a host config, such as in the case of docker commit 95 if hc == nil { 96 return nil 97 } 98 99 if hc.IOMaximumBandwidth != 0 { 100 return fmt.Errorf("invalid QoS settings: %s does not support --io-maxbandwidth", runtime.GOOS) 101 } 102 103 if hc.IOMaximumIOps != 0 { 104 return fmt.Errorf("invalid QoS settings: %s does not support --io-maxiops", runtime.GOOS) 105 } 106 return nil 107 } 108 109 // ValidateResources performs platform specific validation of the resource settings 110 // cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice 111 func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { 112 // We may not be passed a host config, such as in the case of docker commit 113 if hc == nil { 114 return nil 115 } 116 117 if hc.Resources.CPURealtimePeriod > 0 && !si.CPURealtimePeriod { 118 return fmt.Errorf("invalid --cpu-rt-period: Your kernel does not support cgroup rt period") 119 } 120 121 if hc.Resources.CPURealtimeRuntime > 0 && !si.CPURealtimeRuntime { 122 return fmt.Errorf("invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime") 123 } 124 125 if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod { 126 return fmt.Errorf("invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period") 127 } 128 return nil 129 }