github.com/xdlianrong208/docker-ce-comments@v17.12.1-ce-rc2+incompatible/components/engine/runconfig/hostconfig_unix.go (about) 1 // +build !windows 2 3 package runconfig 4 5 import ( 6 "fmt" 7 "runtime" 8 9 "github.com/docker/docker/api/types/container" 10 "github.com/docker/docker/pkg/sysinfo" 11 ) 12 13 // DefaultDaemonNetworkMode returns the default network stack the daemon should 14 // use. 15 func DefaultDaemonNetworkMode() container.NetworkMode { 16 return container.NetworkMode("bridge") 17 } 18 19 // IsPreDefinedNetwork indicates if a network is predefined by the daemon 20 func IsPreDefinedNetwork(network string) bool { 21 n := container.NetworkMode(network) 22 return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() 23 } 24 25 // validateNetMode ensures that the various combinations of requested 26 // network settings are valid. 27 func validateNetMode(c *container.Config, hc *container.HostConfig) error { 28 // We may not be passed a host config, such as in the case of docker commit 29 if hc == nil { 30 return nil 31 } 32 33 err := validateNetContainerMode(c, hc) 34 if err != nil { 35 return err 36 } 37 38 if hc.UTSMode.IsHost() && c.Hostname != "" { 39 return ErrConflictUTSHostname 40 } 41 42 if hc.NetworkMode.IsHost() && len(hc.Links) > 0 { 43 return ErrConflictHostNetworkAndLinks 44 } 45 46 return nil 47 } 48 49 // validateIsolation performs platform specific validation of 50 // isolation in the hostconfig structure. Linux only supports "default" 51 // which is LXC container isolation 52 func validateIsolation(hc *container.HostConfig) error { 53 // We may not be passed a host config, such as in the case of docker commit 54 if hc == nil { 55 return nil 56 } 57 if !hc.Isolation.IsValid() { 58 return fmt.Errorf("Invalid isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS) 59 } 60 return nil 61 } 62 63 // validateQoS performs platform specific validation of the QoS settings 64 func validateQoS(hc *container.HostConfig) error { 65 // We may not be passed a host config, such as in the case of docker commit 66 if hc == nil { 67 return nil 68 } 69 70 if hc.IOMaximumBandwidth != 0 { 71 return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum bandwidth", runtime.GOOS) 72 } 73 74 if hc.IOMaximumIOps != 0 { 75 return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum IOPs", runtime.GOOS) 76 } 77 return nil 78 } 79 80 // validateResources performs platform specific validation of the resource settings 81 // cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice 82 func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { 83 // We may not be passed a host config, such as in the case of docker commit 84 if hc == nil { 85 return nil 86 } 87 88 if hc.Resources.CPURealtimePeriod > 0 && !si.CPURealtimePeriod { 89 return fmt.Errorf("Your kernel does not support cgroup cpu real-time period") 90 } 91 92 if hc.Resources.CPURealtimeRuntime > 0 && !si.CPURealtimeRuntime { 93 return fmt.Errorf("Your kernel does not support cgroup cpu real-time runtime") 94 } 95 96 if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod { 97 return fmt.Errorf("cpu real-time runtime cannot be higher than cpu real-time period") 98 } 99 return nil 100 } 101 102 // validatePrivileged performs platform specific validation of the Privileged setting 103 func validatePrivileged(hc *container.HostConfig) error { 104 return nil 105 } 106 107 // validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting 108 func validateReadonlyRootfs(hc *container.HostConfig) error { 109 return nil 110 }