// Source: github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/engine/runconfig/hostconfig_unix.go

//go:build !windows
// +build !windows

package runconfig // import "github.com/docker/docker/runconfig"

import (
	"fmt"
	"runtime"

	"github.com/docker/docker/api/types/container"
	"github.com/docker/docker/pkg/sysinfo"
)

// DefaultDaemonNetworkMode returns the network mode the daemon falls back to
// on non-Windows builds, which is "bridge".
func DefaultDaemonNetworkMode() container.NetworkMode {
	const defaultMode = "bridge"
	return container.NetworkMode(defaultMode)
}

// IsPreDefinedNetwork reports whether network names one of the modes the
// daemon treats as predefined: bridge, host, none or default.
func IsPreDefinedNetwork(network string) bool {
	mode := container.NetworkMode(network)
	switch {
	case mode.IsBridge(), mode.IsHost(), mode.IsNone(), mode.IsDefault():
		return true
	}
	return false
}

// validateNetMode rejects combinations of network settings that conflict
// with each other. It returns the error from validateNetContainerMode if
// that check fails, ErrConflictUTSHostname when the host UTS namespace is
// requested together with a hostname, and ErrConflictHostNetworkAndLinks
// when host networking is requested together with links.
//
// Only hc is nil-checked. c is dereferenced whenever hc is non-nil and uses
// the host UTS mode, so callers are expected to pass a non-nil c in that case.
func validateNetMode(c *container.Config, hc *container.HostConfig) error {
	// A host config may be absent, for example during docker commit.
	if hc == nil {
		return nil
	}

	if err := validateNetContainerMode(c, hc); err != nil {
		return err
	}

	// The cases are evaluated in order, so the UTS conflict is reported first.
	switch {
	case hc.UTSMode.IsHost() && c.Hostname != "":
		return ErrConflictUTSHostname
	case hc.NetworkMode.IsHost() && len(hc.Links) > 0:
		return ErrConflictHostNetworkAndLinks
	}
	return nil
}

// validateIsolation performs the platform-specific check of the isolation
// setting in the host config. The decision is delegated to
// hc.Isolation.IsValid(); the error text states that only 'default' is
// supported on this platform.
//
// NOTE(review): the earlier comment described "default" as LXC container
// isolation. Confirm that this still matches the runtime in use.
func validateIsolation(hc *container.HostConfig) error {
	// A host config may be absent, for example during docker commit.
	if hc == nil || hc.Isolation.IsValid() {
		return nil
	}
	return fmt.Errorf("Invalid isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS)
}

// validateQoS performs the platform-specific check of the QoS settings.
// Any non-zero IOMaximumBandwidth or IOMaximumIOps is rejected, with an
// error stating that the platform does not support the setting.
func validateQoS(hc *container.HostConfig) error {
	// A host config may be absent, for example during docker commit.
	if hc == nil {
		return nil
	}

	// Bandwidth is checked before IOPs, so it wins when both are set.
	switch {
	case hc.IOMaximumBandwidth != 0:
		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum bandwidth", runtime.GOOS)
	case hc.IOMaximumIOps != 0:
		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum IOPs", runtime.GOOS)
	}
	return nil
}

// validateResources performs the platform-specific check of the CPU
// real-time settings. Requesting either cpu-rt-period or cpu-rt-runtime
// fails when si reports no kernel support for the real-time scheduler.
// When both are set, cpu-rt-runtime must not exceed cpu-rt-period.
//
// The earlier comment also mentions that cpu-rt-runtime requires sys_nice,
// but this function contains no capability check. Negative values are not
// rejected here either. NOTE(review): confirm both are enforced elsewhere.
//
// si is dereferenced only when a real-time value is set, and must be
// non-nil in that case.
func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
	// A host config may be absent, for example during docker commit.
	if hc == nil {
		return nil
	}

	period, rt := hc.Resources.CPURealtimePeriod, hc.Resources.CPURealtimeRuntime

	if (period != 0 || rt != 0) && !si.CPURealtime {
		return fmt.Errorf("Your kernel does not support CPU real-time scheduler")
	}

	if period != 0 && rt != 0 && rt > period {
		return fmt.Errorf("cpu real-time runtime cannot be higher than cpu real-time period")
	}
	return nil
}

// validatePrivileged performs the platform-specific check of the Privileged
// setting. On non-Windows builds it is a no-op: hc is not inspected and every
// value is accepted, so any policy that limits privileged containers has to
// be enforced outside this function.
func validatePrivileged(hc *container.HostConfig) error {
	return nil
}

// validateReadonlyRootfs performs the platform-specific check of the
// ReadonlyRootfs setting. On non-Windows builds it is a no-op: hc is not
// inspected and every value is accepted.
func validateReadonlyRootfs(hc *container.HostConfig) error {
	return nil
}