github.com/tonistiigi/docker@v0.10.1-0.20240229224939-974013b0dc6a/runconfig/hostconfig_unix.go (about)

     1  //go:build !windows
     2  
     3  package runconfig // import "github.com/docker/docker/runconfig"
     4  
     5  import (
     6  	"fmt"
     7  	"runtime"
     8  
     9  	"github.com/docker/docker/api/types/container"
    10  	"github.com/docker/docker/api/types/network"
    11  	"github.com/docker/docker/pkg/sysinfo"
    12  )
    13  
// DefaultDaemonNetworkMode reports the network mode the daemon falls back to
// on non-Windows builds. It always yields network.NetworkBridge.
func DefaultDaemonNetworkMode() container.NetworkMode {
	var mode container.NetworkMode = network.NetworkBridge
	return mode
}
    19  
// IsPreDefinedNetwork reports whether the given network name, interpreted as
// a container.NetworkMode, is one of the modes the daemon predefines: bridge,
// host, none or default.
//
// The function only classifies the name. A false result does not mean the
// name has been checked for validity in any other way.
func IsPreDefinedNetwork(network string) bool {
	// The parameter shadows the imported network package inside this function.
	mode := container.NetworkMode(network)
	switch {
	case mode.IsBridge(), mode.IsHost(), mode.IsNone(), mode.IsDefault():
		return true
	}
	return false
}
    25  
// validateNetMode rejects combinations of network-related settings that
// cannot be honoured together.
//
// It first delegates to validateNetContainerMode and returns its error
// unchanged. It then returns ErrConflictUTSHostname when the host UTS mode is
// requested together with a non-empty Hostname, and
// ErrConflictHostNetworkAndLinks when host networking is requested together
// with at least one link.
//
// Both c and hc are dereferenced without a nil check, so callers must pass
// non-nil values.
func validateNetMode(c *container.Config, hc *container.HostConfig) error {
	if err := validateNetContainerMode(c, hc); err != nil {
		return err
	}
	switch {
	case hc.UTSMode.IsHost() && c.Hostname != "":
		// Host UTS mode and a per-container hostname are mutually exclusive.
		return ErrConflictUTSHostname
	case hc.NetworkMode.IsHost() && len(hc.Links) > 0:
		// Links are refused whenever the container uses host networking.
		return ErrConflictHostNetworkAndLinks
	}
	return nil
}
    41  
// validateIsolation performs the platform-specific check of the Isolation
// field of the host config for non-Windows builds.
//
// It returns an error when hc.Isolation.IsValid() reports false. According to
// the error text, this platform accepts only the 'default' isolation value.
// The rejected value is formatted with %q, so it appears quoted and escaped
// in the error message.
func validateIsolation(hc *container.HostConfig) error {
	if hc.Isolation.IsValid() {
		return nil
	}
	return fmt.Errorf("Invalid isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS)
}
    51  
// validateQoS performs the platform-specific check of the QoS settings for
// non-Windows builds.
//
// Any non-zero IOMaximumBandwidth or IOMaximumIOps is refused with an error
// naming runtime.GOOS, so a request carrying these limits fails here instead
// of being accepted with the limits ignored. Bandwidth is checked before
// IOps.
func validateQoS(hc *container.HostConfig) error {
	switch {
	case hc.IOMaximumBandwidth != 0:
		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum bandwidth", runtime.GOOS)
	case hc.IOMaximumIOps != 0:
		return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum IOPs", runtime.GOOS)
	}
	return nil
}
    62  
// validateResources performs the platform-specific check of the CPU
// real-time settings in the host config.
//
// It returns an error when either real-time value is set but si.CPURealtime
// is false. It also returns an error when both values are set and the
// runtime exceeds the period.
//
// This function inspects only the two real-time fields and si.CPURealtime.
// It does not look at capabilities, so any requirement that a real-time
// runtime needs sys_nice is not enforced here. Negative values are not
// rejected here either. Both points are presumably handled by other layers
// and should be confirmed there.
func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error {
	rtPeriod := hc.Resources.CPURealtimePeriod
	rtRuntime := hc.Resources.CPURealtimeRuntime

	// si is consulted only when a real-time value was actually requested.
	usesRealtime := rtPeriod != 0 || rtRuntime != 0
	if usesRealtime && !si.CPURealtime {
		return fmt.Errorf("Your kernel does not support CPU real-time scheduler")
	}

	bothSet := rtPeriod != 0 && rtRuntime != 0
	if bothSet && rtRuntime > rtPeriod {
		return fmt.Errorf("cpu real-time runtime cannot be higher than cpu real-time period")
	}
	return nil
}
    74  
// validatePrivileged is the platform-specific hook for checking the
// Privileged setting. On non-Windows builds it ignores its argument and
// always returns nil.
//
// A privileged request is therefore never rejected by this function. Any
// restriction on privileged containers has to be enforced elsewhere.
func validatePrivileged(_ *container.HostConfig) error {
	return nil
}
    79  
// validateReadonlyRootfs is the platform-specific hook for checking the
// ReadonlyRootfs setting. On non-Windows builds it ignores its argument and
// always returns nil, so every value of the setting is accepted here.
func validateReadonlyRootfs(_ *container.HostConfig) error {
	return nil
}