package daemon // import "github.com/docker/docker/daemon" import ( "errors" containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" ) // checkIfPathIsInAVolume checks if the path is in a volume. If it is, it // cannot be in a read-only volume. If it is not in a volume, the container // cannot be configured with a read-only rootfs. // // This is a no-op on Windows which does not support read-only volumes, or // extracting to a mount point inside a volume. TODO Windows: FIXME Post-TP5 func checkIfPathIsInAVolume(container *container.Container, absPath string) (bool, error) { return false, nil } // isOnlineFSOperationPermitted returns an error if an online filesystem operation // is not permitted (such as stat or for copying). Running Hyper-V containers // cannot have their file-system interrogated from the host as the filter is // loaded inside the utility VM, not the host. // IMPORTANT: The container lock must NOT be held when calling this function. func (daemon *Daemon) isOnlineFSOperationPermitted(container *container.Container) error { if !container.IsRunning() { return nil } // Determine isolation. If not specified in the hostconfig, use daemon default. actualIsolation := container.HostConfig.Isolation if containertypes.Isolation.IsDefault(containertypes.Isolation(actualIsolation)) { actualIsolation = daemon.defaultIsolation } if containertypes.Isolation.IsHyperV(actualIsolation) { return errors.New("filesystem operations against a running Hyper-V container are not supported") } return nil }