mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Extract container-config and container-hostconfig validation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
parent
5fc0f03426
commit
f6002117a4
3 changed files with 62 additions and 53 deletions
|
|
@ -234,60 +234,11 @@ func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *
|
|||
// structures.
|
||||
func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) (warnings []string, err error) {
|
||||
// First perform verification of settings common across all platforms.
|
||||
if config != nil {
|
||||
if err := translateWorkingDir(config, platform); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(config.StopSignal) > 0 {
|
||||
_, err := signal.ParseSignal(config.StopSignal)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// Validate if Env contains empty variable or not (e.g., ``, `=foo`)
|
||||
for _, env := range config.Env {
|
||||
if _, err := opts.ValidateEnv(env); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
if err := validateHealthCheck(config.Healthcheck); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err = validateContainerConfig(config, platform); err != nil {
|
||||
return warnings, err
|
||||
}
|
||||
|
||||
if hostConfig == nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
|
||||
return nil, errors.Errorf("can't create 'AutoRemove' container with restart policy")
|
||||
}
|
||||
|
||||
// Validate mounts; check if host directories still exist
|
||||
parser := volumemounts.NewParser(platform)
|
||||
for _, cfg := range hostConfig.Mounts {
|
||||
if err := parser.ValidateMountConfig(&cfg); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
for _, extraHost := range hostConfig.ExtraHosts {
|
||||
if _, err := opts.ValidateExtraHost(extraHost); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
if err := validatePortBindings(hostConfig.PortBindings); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := validateRestartPolicy(hostConfig.RestartPolicy); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !hostConfig.Isolation.IsValid() {
|
||||
return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
|
||||
if err := validateHostConfig(hostConfig, platform); err != nil {
|
||||
return warnings, err
|
||||
}
|
||||
|
||||
// Now do platform-specific verification
|
||||
|
|
@ -298,6 +249,58 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta
|
|||
return warnings, err
|
||||
}
|
||||
|
||||
func validateContainerConfig(config *containertypes.Config, platform string) error {
|
||||
if config == nil {
|
||||
return nil
|
||||
}
|
||||
if err := translateWorkingDir(config, platform); err != nil {
|
||||
return err
|
||||
}
|
||||
if len(config.StopSignal) > 0 {
|
||||
if _, err := signal.ParseSignal(config.StopSignal); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
// Validate if Env contains empty variable or not (e.g., ``, `=foo`)
|
||||
for _, env := range config.Env {
|
||||
if _, err := opts.ValidateEnv(env); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return validateHealthCheck(config.Healthcheck)
|
||||
}
|
||||
|
||||
func validateHostConfig(hostConfig *containertypes.HostConfig, platform string) error {
|
||||
if hostConfig == nil {
|
||||
return nil
|
||||
}
|
||||
if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
|
||||
return errors.Errorf("can't create 'AutoRemove' container with restart policy")
|
||||
}
|
||||
// Validate mounts; check if host directories still exist
|
||||
parser := volumemounts.NewParser(platform)
|
||||
for _, cfg := range hostConfig.Mounts {
|
||||
if err := parser.ValidateMountConfig(&cfg); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
for _, extraHost := range hostConfig.ExtraHosts {
|
||||
if _, err := opts.ValidateExtraHost(extraHost); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err := validatePortBindings(hostConfig.PortBindings); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := validateRestartPolicy(hostConfig.RestartPolicy); err != nil {
|
||||
return err
|
||||
}
|
||||
if !hostConfig.Isolation.IsValid() {
|
||||
return errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// validateHealthCheck validates the healthcheck params of Config
|
||||
func validateHealthCheck(healthConfig *containertypes.HealthConfig) error {
|
||||
if healthConfig == nil {
|
||||
|
|
|
|||
|
|
@ -562,6 +562,9 @@ func UsingSystemd(config *config.Config) bool {
|
|||
// verifyPlatformContainerSettings performs platform-specific validation of the
|
||||
// hostconfig and config structures.
|
||||
func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, update bool) (warnings []string, err error) {
|
||||
if hostConfig == nil {
|
||||
return nil, nil
|
||||
}
|
||||
sysInfo := sysinfo.New(true)
|
||||
|
||||
w, err := verifyPlatformContainerResources(&hostConfig.Resources, sysInfo, update)
|
||||
|
|
|
|||
|
|
@ -188,6 +188,9 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, isHyp
|
|||
// verifyPlatformContainerSettings performs platform-specific validation of the
|
||||
// hostconfig and config structures.
|
||||
func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.HostConfig, update bool) (warnings []string, err error) {
|
||||
if hostConfig == nil {
|
||||
return nil, nil
|
||||
}
|
||||
osv := system.GetOSVersion()
|
||||
hyperv := daemon.runAsHyperVContainer(hostConfig)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue