diff --git a/api/client/build.go b/api/client/build.go index f7f9c5b1fc..c315dccc67 100644 --- a/api/client/build.go +++ b/api/client/build.go @@ -66,7 +66,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error { flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv) cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables") - isolation := cmd.String([]string{"-isolation"}, "", "Container isolation level") + isolation := cmd.String([]string{"-isolation"}, "", "Container isolation technology") ulimits := make(map[string]*units.Ulimit) flUlimits := runconfigopts.NewUlimitOpt(&ulimits) @@ -224,7 +224,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error { Remove: *rm, ForceRemove: *forceRm, PullParent: *pull, - IsolationLevel: container.IsolationLevel(*isolation), + Isolation: container.Isolation(*isolation), CPUSetCPUs: *flCPUSetCpus, CPUSetMems: *flCPUSetMems, CPUShares: *flCPUShares, diff --git a/api/server/router/build/build_routes.go b/api/server/router/build/build_routes.go index 152dfff328..904a21664b 100644 --- a/api/server/router/build/build_routes.go +++ b/api/server/router/build/build_routes.go @@ -60,11 +60,11 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui options.ShmSize = shmSize } - if i := container.IsolationLevel(r.FormValue("isolation")); i != "" { - if !container.IsolationLevel.IsValid(i) { + if i := container.Isolation(r.FormValue("isolation")); i != "" { + if !container.Isolation.IsValid(i) { return nil, fmt.Errorf("Unsupported isolation: %q", i) } - options.IsolationLevel = i + options.Isolation = i } var buildUlimits = []*units.Ulimit{} diff --git a/builder/dockerfile/internals.go b/builder/dockerfile/internals.go index bd352ae036..7eedf9b468 100644 --- a/builder/dockerfile/internals.go +++ b/builder/dockerfile/internals.go @@ -506,7 +506,7 @@ func (b *Builder) create() (string, error) { // TODO: why not embed a hostconfig in builder? hostConfig := &container.HostConfig{ - Isolation: b.options.IsolationLevel, + Isolation: b.options.Isolation, ShmSize: b.options.ShmSize, Resources: resources, } diff --git a/daemon/execdriver/driver_windows.go b/daemon/execdriver/driver_windows.go index ec482cd30f..27db06a48e 100644 --- a/daemon/execdriver/driver_windows.go +++ b/daemon/execdriver/driver_windows.go @@ -53,7 +53,7 @@ type Command struct { Hostname string `json:"hostname"` // Windows sets the hostname in the execdriver LayerFolder string `json:"layer_folder"` // Layer folder for a command LayerPaths []string `json:"layer_paths"` // Layer paths for a command - Isolation string `json:"isolation"` // Isolation level for the container + Isolation string `json:"isolation"` // Isolation technology for the container ArgsEscaped bool `json:"args_escaped"` // True if args are already escaped HvPartition bool `json:"hv_partition"` // True if it's an hypervisor partition } diff --git a/daemon/execdriver/windows/windows.go b/daemon/execdriver/windows/windows.go index 0be7c0b02d..7625979a6b 100644 --- a/daemon/execdriver/windows/windows.go +++ b/daemon/execdriver/windows/windows.go @@ -28,11 +28,11 @@ var dummyMode bool // This allows the daemon to force kill (HCS terminate) rather than shutdown var forceKill bool -// DefaultIsolation allows users to specify a default isolation mode for +// DefaultIsolation allows users to specify a default isolation technology for // when running a container on Windows. For example docker daemon -D // --exec-opt isolation=hyperv will cause Windows to always run containers // as Hyper-V containers unless otherwise specified. -var DefaultIsolation container.IsolationLevel = "process" +var DefaultIsolation container.Isolation = "process" // Define name and version for windows var ( @@ -83,13 +83,13 @@ func NewDriver(root string, options []string) (*Driver, error) { } case "isolation": - if !container.IsolationLevel(val).IsValid() { + if !container.Isolation(val).IsValid() { return nil, fmt.Errorf("Unrecognised exec driver option 'isolation':'%s'", val) } - if container.IsolationLevel(val).IsHyperV() { + if container.Isolation(val).IsHyperV() { DefaultIsolation = "hyperv" } - logrus.Infof("Windows default isolation level: '%s'", val) + logrus.Infof("Windows default isolation: '%s'", val) default: return nil, fmt.Errorf("Unrecognised exec driver option %s\n", key) } diff --git a/daemon/list.go b/daemon/list.go index 472aa8894f..5cce6132f1 100644 --- a/daemon/list.go +++ b/daemon/list.go @@ -246,7 +246,7 @@ func includeContainerInList(container *container.Container, ctx *listContext) it return excludeContainer } - // Do not include container if the isolation mode doesn't match + // Do not include container if isolation doesn't match if excludeContainer == excludeByIsolation(container, ctx) { return excludeContainer } diff --git a/runconfig/config.go b/runconfig/config.go index f62b471bce..9f3f9c5e63 100644 --- a/runconfig/config.go +++ b/runconfig/config.go @@ -44,8 +44,8 @@ func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostCon return nil, nil, nil, err } - // Validate the isolation level - if err := ValidateIsolationLevel(hc); err != nil { + // Validate isolation + if err := ValidateIsolation(hc); err != nil { return nil, nil, nil, err } return w.Config, hc, w.NetworkingConfig, nil diff --git a/runconfig/config_test.go b/runconfig/config_test.go index b36d027bea..35a6a0272a 100644 --- a/runconfig/config_test.go +++ b/runconfig/config_test.go @@ -65,7 +65,7 @@ func TestDecodeContainerConfig(t *testing.T) { } } -// TestDecodeContainerConfigIsolation validates the isolation level passed +// TestDecodeContainerConfigIsolation validates isolation passed // to the daemon in the hostConfig structure. Note this is platform specific // as to what level of container isolation is supported. func TestDecodeContainerConfigIsolation(t *testing.T) { @@ -77,17 +77,30 @@ func TestDecodeContainerConfigIsolation(t *testing.T) { } } - // Blank isolation level (== default) + // Blank isolation (== default) if _, _, _, err := callDecodeContainerConfigIsolation(""); err != nil { t.Fatal("Blank isolation should have succeeded") } - // Default isolation level + // Default isolation if _, _, _, err := callDecodeContainerConfigIsolation("default"); err != nil { t.Fatal("default isolation should have succeeded") } - // Hyper-V Containers isolation level (Valid on Windows only) + // Process isolation (Valid on Windows only) + if runtime.GOOS == "windows" { + if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil { + t.Fatal("process isolation should have succeeded") + } + } else { + if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil { + if !strings.Contains(err.Error(), `invalid --isolation: "process"`) { + t.Fatal(err) + } + } + } + + // Hyper-V Containers isolation (Valid on Windows only) if runtime.GOOS == "windows" { if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil { t.Fatal("hyperv isolation should have succeeded") @@ -102,7 +115,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) { } // callDecodeContainerConfigIsolation is a utility function to call -// DecodeContainerConfig for validating isolation levels +// DecodeContainerConfig for validating isolation func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) { var ( b []byte @@ -112,7 +125,7 @@ func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *c Config: &container.Config{}, HostConfig: &container.HostConfig{ NetworkMode: "none", - Isolation: container.IsolationLevel(isolation)}, + Isolation: container.Isolation(isolation)}, } if b, err = json.Marshal(w); err != nil { return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error()) diff --git a/runconfig/hostconfig_unix.go b/runconfig/hostconfig_unix.go index 28d209b694..1f01e486fa 100644 --- a/runconfig/hostconfig_unix.go +++ b/runconfig/hostconfig_unix.go @@ -70,10 +70,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { return nil } -// ValidateIsolationLevel performs platform specific validation of the -// isolation level in the hostconfig structure. Linux only supports "default" +// ValidateIsolation performs platform specific validation of +// isolation in the hostconfig structure. Linux only supports "default" // which is LXC container isolation -func ValidateIsolationLevel(hc *container.HostConfig) error { +func ValidateIsolation(hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil diff --git a/runconfig/hostconfig_windows.go b/runconfig/hostconfig_windows.go index 56aa171819..ea36666b89 100644 --- a/runconfig/hostconfig_windows.go +++ b/runconfig/hostconfig_windows.go @@ -34,10 +34,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { return nil } -// ValidateIsolationLevel performs platform specific validation of the -// isolation level in the hostconfig structure. Windows supports 'default' (or +// ValidateIsolation performs platform specific validation of the +// isolation in the hostconfig structure. Windows supports 'default' (or // blank), 'process', or 'hyperv'. -func ValidateIsolationLevel(hc *container.HostConfig) error { +func ValidateIsolation(hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil diff --git a/runconfig/opts/parse.go b/runconfig/opts/parse.go index c3683b5911..1c4732c4e5 100644 --- a/runconfig/opts/parse.go +++ b/runconfig/opts/parse.go @@ -91,7 +91,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host flCgroupParent = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") flVolumeDriver = cmd.String([]string{"-volume-driver"}, "", "Optional volume driver for the container") flStopSignal = cmd.String([]string{"-stop-signal"}, signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal)) - flIsolation = cmd.String([]string{"-isolation"}, "", "Container isolation level") + flIsolation = cmd.String([]string{"-isolation"}, "", "Container isolation technology") flShmSize = cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB") ) @@ -408,7 +408,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host ReadonlyRootfs: *flReadonlyRootfs, LogConfig: container.LogConfig{Type: *flLoggingDriver, Config: loggingOpts}, VolumeDriver: *flVolumeDriver, - Isolation: container.IsolationLevel(*flIsolation), + Isolation: container.Isolation(*flIsolation), ShmSize: shmSize, Resources: resources, Tmpfs: tmpfs,