// Source: github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/engine/daemon/config/config_unix.go

//go:build linux || freebsd
// +build linux freebsd

package config // import "github.com/docker/docker/daemon/config"

import (
	"fmt"

	containertypes "github.com/docker/docker/api/types/container"
	"github.com/docker/docker/opts"
	units "github.com/docker/go-units"
)

// DefaultIpcMode is the IPC mode a container gets when none is set otherwise.
const DefaultIpcMode = "private"

// Config defines the configuration of a docker daemon on unix platforms.
// Its json tags let a configuration file be deserialized using the same
// names as the command-line flags.
//
// Several of the platform-specific fields are daemon-wide isolation settings:
// EnableSelinuxSupport, RemappedRoot, SeccompProfile, NoNewPrivileges,
// IpcMode, CgroupNamespaceMode and Rootless. This file only declares them;
// how each one is applied to containers is implemented elsewhere.
//
// Every field declared here carries omitempty, so encoding/json leaves out
// zero values such as false, "" and 0 when a Config is marshalled. A dumped
// configuration therefore cannot distinguish an explicit false (for example
// for "no-new-privileges") from the key being absent.
type Config struct {
	CommonConfig

	// These fields are common to all unix platforms.
	CommonUnixConfig
	// Fields below here are platform specific.
	CgroupParent         string                   `json:"cgroup-parent,omitempty"`
	EnableSelinuxSupport bool                     `json:"selinux-enabled,omitempty"`
	RemappedRoot         string                   `json:"userns-remap,omitempty"`
	Ulimits              map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
	CPURealtimePeriod    int64                    `json:"cpu-rt-period,omitempty"`
	CPURealtimeRuntime   int64                    `json:"cpu-rt-runtime,omitempty"`
	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
	Init                 bool                     `json:"init,omitempty"`
	InitPath             string                   `json:"init-path,omitempty"`
	SeccompProfile       string                   `json:"seccomp-profile,omitempty"`
	ShmSize              opts.MemBytes            `json:"default-shm-size,omitempty"`
	NoNewPrivileges      bool                     `json:"no-new-privileges,omitempty"`
	IpcMode              string                   `json:"default-ipc-mode,omitempty"`
	CgroupNamespaceMode  string                   `json:"default-cgroupns-mode,omitempty"`
	// ResolvConf is the path to the configuration of the host resolver
	ResolvConf string `json:"resolv-conf,omitempty"`
	Rootless   bool   `json:"rootless,omitempty"`
}

// BridgeConfig stores all the bridge driver specific
// configuration.
type BridgeConfig struct {
	commonBridgeConfig

	// These fields are common to all unix platforms.
	commonUnixBridgeConfig

	// Fields below here are platform specific.
	//
	// NOTE(review): EnableIPTables, EnableIP6Tables, EnableIPForward and
	// EnableIPMasq look like the switches for how the bridge driver touches
	// host packet filtering and forwarding (inferred from the option names;
	// the consuming code is not in this file). Review changes to them
	// alongside the host firewall policy.
	EnableIPv6          bool   `json:"ipv6,omitempty"`
	EnableIPTables      bool   `json:"iptables,omitempty"`
	EnableIP6Tables     bool   `json:"ip6tables,omitempty"`
	EnableIPForward     bool   `json:"ip-forward,omitempty"`
	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
	UserlandProxyPath   string `json:"userland-proxy-path,omitempty"`
	FixedCIDRv6         string `json:"fixed-cidr-v6,omitempty"`
}

// IsSwarmCompatible returns an error naming the first daemon setting that
// rules out swarm mode, or nil when none of the checked settings is in use.
// The cluster-store/cluster-advertise check runs before the live-restore one.
func (conf *Config) IsSwarmCompatible() error {
	usesClusterOpts := conf.ClusterStore != "" || conf.ClusterAdvertise != ""
	switch {
	case usesClusterOpts:
		return fmt.Errorf("--cluster-store and --cluster-advertise daemon configurations are incompatible with swarm mode")
	case conf.LiveRestoreEnabled:
		return fmt.Errorf("--live-restore daemon configuration is incompatible with swarm mode")
	default:
		return nil
	}
}

// verifyDefaultIpcMode checks a value proposed as the daemon-wide default IPC
// mode. It returns an error when the mode fails containertypes.IpcMode.Valid,
// or when it is valid and non-empty but neither private nor shareable. The
// empty string is accepted.
//
// NOTE(review): the second check means a mode that Valid() accepts for an
// individual container still cannot become the default for every container
// through daemon configuration. Which modes Valid() accepts is defined in
// containertypes and is not visible here.
func verifyDefaultIpcMode(mode string) error {
	const hint = `use "shareable" or "private"`

	ipcMode := containertypes.IpcMode(mode)
	switch {
	case !ipcMode.Valid():
		return fmt.Errorf("default IPC mode setting (%v) is invalid; "+hint, ipcMode)
	case ipcMode == "":
		// Unset: nothing further to restrict.
		return nil
	case ipcMode.IsPrivate() || ipcMode.IsShareable():
		return nil
	}
	return fmt.Errorf(`IPC mode "%v" is not supported as default value; `+hint, ipcMode)
}

// verifyDefaultCgroupNsMode checks a value proposed as the daemon-wide default
// cgroup namespace mode. The only test is containertypes.CgroupnsMode.Valid;
// the error text names "host" and "private" as the expected values.
func verifyDefaultCgroupNsMode(mode string) error {
	if nsMode := containertypes.CgroupnsMode(mode); !nsMode.Valid() {
		return fmt.Errorf(`default cgroup namespace mode (%v) is invalid; use "host" or "private"`, nsMode)
	}
	return nil
}

// ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.
func (conf *Config) ValidatePlatformConfig() error {
	// NOTE(review): only the default IPC mode and the default cgroup
	// namespace mode are checked here. Other Config fields, such as
	// SeccompProfile, InitPath, ResolvConf and RemappedRoot, are not
	// validated by this function; whether they are validated elsewhere is
	// not visible in this file.
	ipcErr := verifyDefaultIpcMode(conf.IpcMode)
	if ipcErr != nil {
		return ipcErr
	}

	return verifyDefaultCgroupNsMode(conf.CgroupNamespaceMode)
}

// IsRootless reports the value of the Rootless field of conf.
func (conf *Config) IsRootless() bool {
	return conf.Rootless
}