Added validation of isolation settings on daemon.verifyContainerSettings
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
This commit is contained in:
parent
b4fbcd80c7
commit
e6bfe9cdcb
|
@ -329,6 +329,10 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta
|
||||||
return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
|
return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !hostConfig.Isolation.IsValid() {
|
||||||
|
return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
|
||||||
|
}
|
||||||
|
|
||||||
// Now do platform-specific verification
|
// Now do platform-specific verification
|
||||||
return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
|
return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
|
||||||
}
|
}
|
||||||
|
|
|
@ -157,3 +157,10 @@ func TestTmpfsDevShmSizeOverride(t *testing.T) {
|
||||||
t.Fatal("/dev/shm not found in spec, or size option missing")
|
t.Fatal("/dev/shm not found in spec, or size option missing")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestValidateContainerIsolationLinux(t *testing.T) {
|
||||||
|
d := Daemon{}
|
||||||
|
|
||||||
|
_, err := d.verifyContainerSettings("linux", &containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
|
||||||
|
assert.EqualError(t, err, "invalid isolation 'hyperv' on linux")
|
||||||
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"runtime"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
containertypes "github.com/docker/docker/api/types/container"
|
containertypes "github.com/docker/docker/api/types/container"
|
||||||
|
@ -16,6 +17,7 @@ import (
|
||||||
"github.com/docker/docker/volume/local"
|
"github.com/docker/docker/volume/local"
|
||||||
"github.com/docker/docker/volume/store"
|
"github.com/docker/docker/volume/store"
|
||||||
"github.com/docker/go-connections/nat"
|
"github.com/docker/go-connections/nat"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
//
|
//
|
||||||
|
@ -302,3 +304,10 @@ func TestMerge(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestValidateContainerIsolation(t *testing.T) {
|
||||||
|
d := Daemon{}
|
||||||
|
|
||||||
|
_, err := d.verifyContainerSettings(runtime.GOOS, &containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
|
||||||
|
assert.EqualError(t, err, "invalid isolation 'invalid' on "+runtime.GOOS)
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue