2015-05-29 14:22:21 -04:00
|
|
|
// +build !windows
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2016-12-10 11:40:01 -05:00
|
|
|
"bytes"
|
2016-07-29 09:11:07 -04:00
|
|
|
"io/ioutil"
|
2016-12-10 11:40:01 -05:00
|
|
|
"os/exec"
|
2016-07-29 09:11:07 -04:00
|
|
|
"strings"
|
|
|
|
|
2015-08-23 23:37:11 -04:00
|
|
|
"github.com/docker/docker/pkg/sysinfo"
|
2015-05-29 14:22:21 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
2015-08-23 23:37:11 -04:00
|
|
|
// SysInfo stores information about which features a kernel supports.
|
|
|
|
SysInfo *sysinfo.SysInfo
|
2015-07-22 08:59:24 -04:00
|
|
|
cpuCfsPeriod = testRequirement{
|
2015-05-29 14:22:21 -04:00
|
|
|
func() bool {
|
2015-08-23 23:37:11 -04:00
|
|
|
return SysInfo.CPUCfsPeriod
|
2015-05-29 14:22:21 -04:00
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup cfs period.",
|
|
|
|
}
|
2015-07-22 08:59:24 -04:00
|
|
|
cpuCfsQuota = testRequirement{
|
2015-05-29 14:22:21 -04:00
|
|
|
func() bool {
|
2015-08-23 23:37:11 -04:00
|
|
|
return SysInfo.CPUCfsQuota
|
2015-05-29 14:22:21 -04:00
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup cfs quota.",
|
|
|
|
}
|
2015-08-23 23:37:11 -04:00
|
|
|
cpuShare = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.CPUShares
|
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup cpu shares.",
|
|
|
|
}
|
2015-07-22 08:59:24 -04:00
|
|
|
oomControl = testRequirement{
|
2015-07-08 16:30:03 -04:00
|
|
|
func() bool {
|
2015-08-23 23:37:11 -04:00
|
|
|
return SysInfo.OomKillDisable
|
2015-07-08 16:30:03 -04:00
|
|
|
},
|
|
|
|
"Test requires Oom control enabled.",
|
|
|
|
}
|
2015-12-15 14:15:43 -05:00
|
|
|
pidsLimit = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.PidsLimit
|
|
|
|
},
|
|
|
|
"Test requires pids limit enabled.",
|
|
|
|
}
|
2015-08-19 11:56:55 -04:00
|
|
|
kernelMemorySupport = testRequirement{
|
|
|
|
func() bool {
|
2015-08-23 23:37:11 -04:00
|
|
|
return SysInfo.KernelMemory
|
2015-08-19 11:56:55 -04:00
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup kernel memory.",
|
|
|
|
}
|
2015-08-23 23:37:11 -04:00
|
|
|
memoryLimitSupport = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.MemoryLimit
|
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup memory limit.",
|
|
|
|
}
|
2015-09-23 02:02:45 -04:00
|
|
|
memoryReservationSupport = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.MemoryReservation
|
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup memory reservation.",
|
|
|
|
}
|
2015-08-23 23:37:11 -04:00
|
|
|
swapMemorySupport = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.SwapLimit
|
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup swap memory limit.",
|
|
|
|
}
|
|
|
|
memorySwappinessSupport = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.MemorySwappiness
|
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup memory swappiness.",
|
|
|
|
}
|
|
|
|
blkioWeight = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.BlkioWeight
|
|
|
|
},
|
|
|
|
"Test requires an environment that supports blkio weight.",
|
|
|
|
}
|
|
|
|
cgroupCpuset = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
return SysInfo.Cpuset
|
|
|
|
},
|
|
|
|
"Test requires an environment that supports cgroup cpuset.",
|
|
|
|
}
|
2015-12-07 20:14:52 -05:00
|
|
|
seccompEnabled = testRequirement{
|
|
|
|
func() bool {
|
2016-01-11 14:44:34 -05:00
|
|
|
return supportsSeccomp && SysInfo.Seccomp
|
2015-12-07 20:14:52 -05:00
|
|
|
},
|
|
|
|
"Test requires that seccomp support be enabled in the daemon.",
|
|
|
|
}
|
2016-02-26 19:53:35 -05:00
|
|
|
bridgeNfIptables = testRequirement{
|
|
|
|
func() bool {
|
2016-02-26 13:47:43 -05:00
|
|
|
return !SysInfo.BridgeNFCallIPTablesDisabled
|
2016-02-26 19:53:35 -05:00
|
|
|
},
|
|
|
|
"Test requires that bridge-nf-call-iptables support be enabled in the daemon.",
|
|
|
|
}
|
|
|
|
bridgeNfIP6tables = testRequirement{
|
|
|
|
func() bool {
|
2016-02-26 13:47:43 -05:00
|
|
|
return !SysInfo.BridgeNFCallIP6TablesDisabled
|
2016-02-26 19:53:35 -05:00
|
|
|
},
|
|
|
|
"Test requires that bridge-nf-call-ip6tables support be enabled in the daemon.",
|
|
|
|
}
|
2016-07-29 09:11:07 -04:00
|
|
|
unprivilegedUsernsClone = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
content, err := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
|
|
|
|
if err == nil && strings.Contains(string(content), "0") {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
},
|
|
|
|
"Test cannot be run with 'sysctl kernel.unprivileged_userns_clone' = 0",
|
|
|
|
}
|
2016-09-28 08:46:11 -04:00
|
|
|
ambientCapabilities = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
content, err := ioutil.ReadFile("/proc/self/status")
|
|
|
|
if err == nil && strings.Contains(string(content), "CapAmb:") {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
},
|
|
|
|
"Test cannot be run without a kernel (4.3+) supporting ambient capabilities",
|
|
|
|
}
|
2016-12-10 11:40:01 -05:00
|
|
|
overlaySupported = testRequirement{
|
|
|
|
func() bool {
|
|
|
|
cmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "cat /proc/filesystems")
|
|
|
|
out, err := cmd.CombinedOutput()
|
|
|
|
if err != nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return bytes.Contains(out, []byte("overlay\n"))
|
|
|
|
},
|
|
|
|
"Test cannot be run wihtout suppport for ovelayfs",
|
|
|
|
}
|
2015-05-29 14:22:21 -04:00
|
|
|
)
|
2015-08-23 23:37:11 -04:00
|
|
|
|
|
|
|
func init() {
|
|
|
|
SysInfo = sysinfo.New(true)
|
|
|
|
}
|