1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Added validation of isolation settings on daemon.verifyContainerSettings

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
This commit is contained in:
Simon Ferquel 2017-11-14 14:36:25 +01:00
parent b4fbcd80c7
commit e6bfe9cdcb
3 changed files with 20 additions and 0 deletions

View file

@ -329,6 +329,10 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta
return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
}
if !hostConfig.Isolation.IsValid() {
return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
}
// Now do platform-specific verification
return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
}

View file

@ -157,3 +157,10 @@ func TestTmpfsDevShmSizeOverride(t *testing.T) {
t.Fatal("/dev/shm not found in spec, or size option missing")
}
}
func TestValidateContainerIsolationLinux(t *testing.T) {
d := Daemon{}
_, err := d.verifyContainerSettings("linux", &containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
assert.EqualError(t, err, "invalid isolation 'hyperv' on linux")
}

View file

@ -4,6 +4,7 @@ import (
"io/ioutil"
"os"
"path/filepath"
"runtime"
"testing"
containertypes "github.com/docker/docker/api/types/container"
@ -16,6 +17,7 @@ import (
"github.com/docker/docker/volume/local"
"github.com/docker/docker/volume/store"
"github.com/docker/go-connections/nat"
"github.com/stretchr/testify/assert"
)
//
@ -302,3 +304,10 @@ func TestMerge(t *testing.T) {
}
}
}
func TestValidateContainerIsolation(t *testing.T) {
d := Daemon{}
_, err := d.verifyContainerSettings(runtime.GOOS, &containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
assert.EqualError(t, err, "invalid isolation 'invalid' on "+runtime.GOOS)
}