github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/script/check-config.sh (about) 1 #!/usr/bin/env bash 2 set -e 3 4 # bits of this were adapted from check_config.sh in docker 5 # see also https://github.com/docker/docker/blob/master/contrib/check-config.sh 6 7 possibleConfigs=( 8 '/proc/config.gz' 9 "/boot/config-$(uname -r)" 10 "/usr/src/linux-$(uname -r)/.config" 11 '/usr/src/linux/.config' 12 ) 13 possibleConfigFiles=( 14 'config.gz' 15 "config-$(uname -r)" 16 '.config' 17 ) 18 19 if ! command -v zgrep &> /dev/null; then 20 zgrep() { 21 zcat "$2" | grep "$1" 22 } 23 fi 24 25 kernelVersion="$(uname -r)" 26 kernelMajor="${kernelVersion%%.*}" 27 kernelMinor="${kernelVersion#$kernelMajor.}" 28 kernelMinor="${kernelMinor%%.*}" 29 30 is_set() { 31 zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null 32 } 33 is_set_in_kernel() { 34 zgrep "CONFIG_$1=y" "$CONFIG" > /dev/null 35 } 36 is_set_as_module() { 37 zgrep "CONFIG_$1=m" "$CONFIG" > /dev/null 38 } 39 40 color() { 41 local codes=() 42 if [ "$1" = 'bold' ]; then 43 codes=( "${codes[@]}" '1' ) 44 shift 45 fi 46 if [ "$#" -gt 0 ]; then 47 local code= 48 case "$1" in 49 # see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors 50 black) code=30 ;; 51 red) code=31 ;; 52 green) code=32 ;; 53 yellow) code=33 ;; 54 blue) code=34 ;; 55 magenta) code=35 ;; 56 cyan) code=36 ;; 57 white) code=37 ;; 58 esac 59 if [ "$code" ]; then 60 codes=( "${codes[@]}" "$code" ) 61 fi 62 fi 63 local IFS=';' 64 echo -en '\033['"${codes[*]}"'m' 65 } 66 wrap_color() { 67 text="$1" 68 shift 69 color "$@" 70 echo -n "$text" 71 color reset 72 echo 73 } 74 75 wrap_good() { 76 echo "$(wrap_color "$1" white): $(wrap_color "$2" green)" 77 } 78 wrap_bad() { 79 echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)" 80 } 81 wrap_warning() { 82 wrap_color >&2 "$*" red 83 } 84 85 check_flag() { 86 if is_set_in_kernel "$1"; then 87 wrap_good "CONFIG_$1" 'enabled' 88 elif is_set_as_module "$1"; then 89 wrap_good "CONFIG_$1" 'enabled (as module)' 90 else 91 wrap_bad "CONFIG_$1" 'missing' 92 fi 93 } 94 95 check_flags() { 96 for flag in "$@"; do 97 echo "- $(check_flag "$flag")" 98 done 99 } 100 101 check_distro_userns() { 102 source /etc/os-release 2>/dev/null || /bin/true 103 if [[ "${ID}" =~ ^(centos|rhel)$ && "${VERSION_ID}" =~ ^7 ]]; then 104 # this is a CentOS7 or RHEL7 system 105 grep -q "user_namespace.enable=1" /proc/cmdline || { 106 # no user namespace support enabled 107 wrap_bad " (RHEL7/CentOS7" "User namespaces disabled; add 'user_namespace.enable=1' to boot command line)" 108 } 109 fi 110 } 111 112 is_config() 113 { 114 local config="$1" 115 116 # Todo: more check 117 [[ -f "$config" ]] && return 0 118 return 1 119 } 120 121 search_config() 122 { 123 local target_dir="$1" 124 [[ "$target_dir" ]] || target_dir=("${possibleConfigs[@]}") 125 126 local tryConfig 127 for tryConfig in "${target_dir[@]}"; do 128 is_config "$tryConfig" && { 129 CONFIG="$tryConfig" 130 return 131 } 132 [[ -d "$tryConfig" ]] && { 133 for tryFile in "${possibleConfigFiles[@]}"; do 134 is_config "$tryConfig/$tryFile" && { 135 CONFIG="$tryConfig/$tryFile" 136 return 137 } 138 done 139 } 140 done 141 142 wrap_warning "error: cannot find kernel config" 143 wrap_warning " try running this script again, specifying the kernel config:" 144 wrap_warning " CONFIG=/path/to/kernel/.config $0 or $0 /path/to/kernel/.config" 145 exit 1 146 } 147 148 CONFIG="$1" 149 150 is_config "$CONFIG" || { 151 if [[ ! "$CONFIG" ]]; then 152 wrap_color "info: no config specified, searching for kernel config ..." white 153 search_config 154 elif [[ -d "$CONFIG" ]]; then 155 wrap_color "info: input is a directory, searching for kernel config in this directory..." white 156 search_config "$CONFIG" 157 else 158 wrap_warning "warning: $CONFIG seems not a kernel config, searching other paths for kernel config ..." 159 search_config 160 fi 161 } 162 163 wrap_color "info: reading kernel config from $CONFIG ..." white 164 echo 165 166 echo 'Generally Necessary:' 167 168 echo -n '- ' 169 cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)" 170 cgroupDir="$(dirname "$cgroupSubsystemDir")" 171 if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then 172 echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" 173 else 174 if [ "$cgroupSubsystemDir" ]; then 175 echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" 176 else 177 echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')" 178 fi 179 echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" 180 fi 181 182 if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then 183 echo -n '- ' 184 if command -v apparmor_parser &> /dev/null; then 185 echo "$(wrap_good 'apparmor' 'enabled and tools installed')" 186 else 187 echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')" 188 echo -n ' ' 189 if command -v apt-get &> /dev/null; then 190 echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')" 191 elif command -v yum &> /dev/null; then 192 echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')" 193 else 194 echo "$(wrap_color '(look for an "apparmor" package for your distribution)')" 195 fi 196 fi 197 fi 198 199 flags=( 200 NAMESPACES {NET,PID,IPC,UTS}_NS 201 CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG 202 KEYS 203 MACVLAN VETH BRIDGE BRIDGE_NETFILTER 204 NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE 205 NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK} 206 NF_NAT NF_NAT_NEEDED 207 208 # required for bind-mounting /dev/mqueue into containers 209 POSIX_MQUEUE 210 ) 211 check_flags "${flags[@]}" 212 echo 213 214 echo 'Optional Features:' 215 { 216 check_flags USER_NS 217 check_distro_userns 218 219 check_flags SECCOMP 220 check_flags CGROUP_PIDS 221 222 check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED 223 if is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then 224 echo " $(wrap_color '(note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black)" 225 fi 226 } 227 228 if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 5 ]; then 229 check_flags MEMCG_KMEM 230 fi 231 232 if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 18 ]; then 233 check_flags RESOURCE_COUNTERS 234 fi 235 236 if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 13 ]; then 237 netprio=NETPRIO_CGROUP 238 else 239 netprio=CGROUP_NET_PRIO 240 fi 241 242 flags=( 243 BLK_CGROUP BLK_DEV_THROTTLING IOSCHED_CFQ CFQ_GROUP_IOSCHED 244 CGROUP_PERF 245 CGROUP_HUGETLB 246 NET_CLS_CGROUP $netprio 247 CFS_BANDWIDTH FAIR_GROUP_SCHED RT_GROUP_SCHED 248 ) 249 check_flags "${flags[@]}"