| // +build !windows |
| |
| package main |
| |
| import ( |
| "bytes" |
| "io/ioutil" |
| "os/exec" |
| "strings" |
| |
| "github.com/docker/docker/pkg/parsers/kernel" |
| "github.com/docker/docker/pkg/sysinfo" |
| ) |
| |
| var ( |
| // SysInfo stores information about which features a kernel supports. |
| SysInfo *sysinfo.SysInfo |
| cpuCfsPeriod = testRequirement{ |
| func() bool { |
| return SysInfo.CPUCfsPeriod |
| }, |
| "Test requires an environment that supports cgroup cfs period.", |
| } |
| cpuCfsQuota = testRequirement{ |
| func() bool { |
| return SysInfo.CPUCfsQuota |
| }, |
| "Test requires an environment that supports cgroup cfs quota.", |
| } |
| cpuShare = testRequirement{ |
| func() bool { |
| return SysInfo.CPUShares |
| }, |
| "Test requires an environment that supports cgroup cpu shares.", |
| } |
| oomControl = testRequirement{ |
| func() bool { |
| return SysInfo.OomKillDisable |
| }, |
| "Test requires Oom control enabled.", |
| } |
| pidsLimit = testRequirement{ |
| func() bool { |
| return SysInfo.PidsLimit |
| }, |
| "Test requires pids limit enabled.", |
| } |
| kernelMemorySupport = testRequirement{ |
| func() bool { |
| return SysInfo.KernelMemory |
| }, |
| "Test requires an environment that supports cgroup kernel memory.", |
| } |
| memoryLimitSupport = testRequirement{ |
| func() bool { |
| return SysInfo.MemoryLimit |
| }, |
| "Test requires an environment that supports cgroup memory limit.", |
| } |
| memoryReservationSupport = testRequirement{ |
| func() bool { |
| return SysInfo.MemoryReservation |
| }, |
| "Test requires an environment that supports cgroup memory reservation.", |
| } |
| swapMemorySupport = testRequirement{ |
| func() bool { |
| return SysInfo.SwapLimit |
| }, |
| "Test requires an environment that supports cgroup swap memory limit.", |
| } |
| memorySwappinessSupport = testRequirement{ |
| func() bool { |
| return SysInfo.MemorySwappiness |
| }, |
| "Test requires an environment that supports cgroup memory swappiness.", |
| } |
| blkioWeight = testRequirement{ |
| func() bool { |
| return SysInfo.BlkioWeight |
| }, |
| "Test requires an environment that supports blkio weight.", |
| } |
| cgroupCpuset = testRequirement{ |
| func() bool { |
| return SysInfo.Cpuset |
| }, |
| "Test requires an environment that supports cgroup cpuset.", |
| } |
| seccompEnabled = testRequirement{ |
| func() bool { |
| return supportsSeccomp && SysInfo.Seccomp |
| }, |
| "Test requires that seccomp support be enabled in the daemon.", |
| } |
| bridgeNfIptables = testRequirement{ |
| func() bool { |
| return !SysInfo.BridgeNFCallIPTablesDisabled |
| }, |
| "Test requires that bridge-nf-call-iptables support be enabled in the daemon.", |
| } |
| bridgeNfIP6tables = testRequirement{ |
| func() bool { |
| return !SysInfo.BridgeNFCallIP6TablesDisabled |
| }, |
| "Test requires that bridge-nf-call-ip6tables support be enabled in the daemon.", |
| } |
| unprivilegedUsernsClone = testRequirement{ |
| func() bool { |
| content, err := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone") |
| if err == nil && strings.Contains(string(content), "0") { |
| return false |
| } |
| return true |
| }, |
| "Test cannot be run with 'sysctl kernel.unprivileged_userns_clone' = 0", |
| } |
| ambientCapabilities = testRequirement{ |
| func() bool { |
| content, err := ioutil.ReadFile("/proc/self/status") |
| if err == nil && strings.Contains(string(content), "CapAmb:") { |
| return true |
| } |
| return false |
| }, |
| "Test cannot be run without a kernel (4.3+) supporting ambient capabilities", |
| } |
| overlayFSSupported = testRequirement{ |
| func() bool { |
| cmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "cat /proc/filesystems") |
| out, err := cmd.CombinedOutput() |
| if err != nil { |
| return false |
| } |
| return bytes.Contains(out, []byte("overlay\n")) |
| }, |
| "Test cannot be run without suppport for overlayfs", |
| } |
| overlay2Supported = testRequirement{ |
| func() bool { |
| if !overlayFSSupported.Condition() { |
| return false |
| } |
| |
| daemonV, err := kernel.ParseRelease(daemonKernelVersion) |
| if err != nil { |
| return false |
| } |
| requiredV := kernel.VersionInfo{Kernel: 4} |
| return kernel.CompareKernelVersion(*daemonV, requiredV) > -1 |
| |
| }, |
| "Test cannot be run without overlay2 support (kernel 4.0+)", |
| } |
| ) |
| |
| func init() { |
| SysInfo = sysinfo.New(true) |
| } |