We use cookies to ensure you get the best experience on our website
Página inicial Explorar Ajuda
Registrar Entrar
0ct0pu5
/
moby
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

Windows: Fix 'isolation'

Signed-off-by: John Howard <jhoward@microsoft.com>
John Howard 9 anos atrás
pai
2658341b5f
commit
d4b0732499
11 arquivos alterados com 42 adições e 29 exclusões
Visão unificada Mostrar estatísticas do Diff
  1. 2 2
      api/client/build.go
  2. 3 3
      api/server/router/build/build_routes.go
  3. 1 1
      builder/dockerfile/internals.go
  4. 1 1
      daemon/execdriver/driver_windows.go
  5. 5 5
      daemon/execdriver/windows/windows.go
  6. 1 1
      daemon/list.go
  7. 2 2
      runconfig/config.go
  8. 19 6
      runconfig/config_test.go
  9. 3 3
      runconfig/hostconfig_unix.go
  10. 3 3
      runconfig/hostconfig_windows.go
  11. 2 2
      runconfig/opts/parse.go

+ 2 - 2
api/client/build.go
Ver arquivo 

@@ -66,7 +66,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 
 	flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
 
 	flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
 
 	flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv)
 
 	flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv)
 
 	cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables")
 
 	cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables")
 
-	isolation := cmd.String([]string{"-isolation"}, "", "Container isolation level")
 
+	isolation := cmd.String([]string{"-isolation"}, "", "Container isolation technology")
 
 
 
 	ulimits := make(map[string]*units.Ulimit)
 
 	ulimits := make(map[string]*units.Ulimit)
 
 	flUlimits := runconfigopts.NewUlimitOpt(&ulimits)
 
 	flUlimits := runconfigopts.NewUlimitOpt(&ulimits)
 
@@ -224,7 +224,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 
 		Remove:         *rm,
 
 		Remove:         *rm,
 
 		ForceRemove:    *forceRm,
 
 		ForceRemove:    *forceRm,
 
 		PullParent:     *pull,
 
 		PullParent:     *pull,
 
-		IsolationLevel: container.IsolationLevel(*isolation),
 
+		Isolation:      container.Isolation(*isolation),
 
 		CPUSetCPUs:     *flCPUSetCpus,
 
 		CPUSetCPUs:     *flCPUSetCpus,
 
 		CPUSetMems:     *flCPUSetMems,
 
 		CPUSetMems:     *flCPUSetMems,
 
 		CPUShares:      *flCPUShares,
 
 		CPUShares:      *flCPUShares,

+ 3 - 3
api/server/router/build/build_routes.go
Ver arquivo 

@@ -60,11 +60,11 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
 
 		options.ShmSize = shmSize
 
 		options.ShmSize = shmSize
 
 	}
 
 	}
 
 
 
-	if i := container.IsolationLevel(r.FormValue("isolation")); i != "" {
 
-		if !container.IsolationLevel.IsValid(i) {
 
+	if i := container.Isolation(r.FormValue("isolation")); i != "" {
 
+		if !container.Isolation.IsValid(i) {
 
 			return nil, fmt.Errorf("Unsupported isolation: %q", i)
 
 			return nil, fmt.Errorf("Unsupported isolation: %q", i)
 
 		}
 
 		}
 
-		options.IsolationLevel = i
 
+		options.Isolation = i
 
 	}
 
 	}
 
 
 
 	var buildUlimits = []*units.Ulimit{}
 
 	var buildUlimits = []*units.Ulimit{}

+ 1 - 1
builder/dockerfile/internals.go
Ver arquivo 

@@ -506,7 +506,7 @@ func (b *Builder) create() (string, error) {
 
 
 
 	// TODO: why not embed a hostconfig in builder?
 
 	// TODO: why not embed a hostconfig in builder?
 
 	hostConfig := &container.HostConfig{
 
 	hostConfig := &container.HostConfig{
 
-		Isolation: b.options.IsolationLevel,
 
+		Isolation: b.options.Isolation,
 
 		ShmSize:   b.options.ShmSize,
 
 		ShmSize:   b.options.ShmSize,
 
 		Resources: resources,
 
 		Resources: resources,
 
 	}
 
 	}

+ 1 - 1
daemon/execdriver/driver_windows.go
Ver arquivo 

@@ -53,7 +53,7 @@ type Command struct {
 
 	Hostname    string   `json:"hostname"`     // Windows sets the hostname in the execdriver
 
 	Hostname    string   `json:"hostname"`     // Windows sets the hostname in the execdriver
 
 	LayerFolder string   `json:"layer_folder"` // Layer folder for a command
 
 	LayerFolder string   `json:"layer_folder"` // Layer folder for a command
 
 	LayerPaths  []string `json:"layer_paths"`  // Layer paths for a command
 
 	LayerPaths  []string `json:"layer_paths"`  // Layer paths for a command
 
-	Isolation   string   `json:"isolation"`    // Isolation level for the container
 
+	Isolation   string   `json:"isolation"`    // Isolation technology for the container
 
 	ArgsEscaped bool     `json:"args_escaped"` // True if args are already escaped
 
 	ArgsEscaped bool     `json:"args_escaped"` // True if args are already escaped
 
 	HvPartition bool     `json:"hv_partition"` // True if it's an hypervisor partition
 
 	HvPartition bool     `json:"hv_partition"` // True if it's an hypervisor partition
 
 }
 
 }

+ 5 - 5
daemon/execdriver/windows/windows.go
Ver arquivo 

@@ -28,11 +28,11 @@ var dummyMode bool
 
 // This allows the daemon to force kill (HCS terminate) rather than shutdown
 
 // This allows the daemon to force kill (HCS terminate) rather than shutdown
 
 var forceKill bool
 
 var forceKill bool
 
 
 
-// DefaultIsolation allows users to specify a default isolation mode for
 
+// DefaultIsolation allows users to specify a default isolation technology for
 
 // when running a container on Windows. For example docker daemon -D
 
 // when running a container on Windows. For example docker daemon -D
 
 // --exec-opt isolation=hyperv will cause Windows to always run containers
 
 // --exec-opt isolation=hyperv will cause Windows to always run containers
 
 // as Hyper-V containers unless otherwise specified.
 
 // as Hyper-V containers unless otherwise specified.
 
-var DefaultIsolation container.IsolationLevel = "process"
 
+var DefaultIsolation container.Isolation = "process"
 
 
 
 // Define name and version for windows
 
 // Define name and version for windows
 
 var (
 
 var (
 
@@ -83,13 +83,13 @@ func NewDriver(root string, options []string) (*Driver, error) {
 
 			}
 
 			}
 
 
 
 		case "isolation":
 
 		case "isolation":
 
-			if !container.IsolationLevel(val).IsValid() {
 
+			if !container.Isolation(val).IsValid() {
 
 				return nil, fmt.Errorf("Unrecognised exec driver option 'isolation':'%s'", val)
 
 				return nil, fmt.Errorf("Unrecognised exec driver option 'isolation':'%s'", val)
 
 			}
 
 			}
 
-			if container.IsolationLevel(val).IsHyperV() {
 
+			if container.Isolation(val).IsHyperV() {
 
 				DefaultIsolation = "hyperv"
 
 				DefaultIsolation = "hyperv"
 
 			}
 
 			}
 
-			logrus.Infof("Windows default isolation level: '%s'", val)
 
+			logrus.Infof("Windows default isolation: '%s'", val)
 
 		default:
 
 		default:
 
 			return nil, fmt.Errorf("Unrecognised exec driver option %s\n", key)
 
 			return nil, fmt.Errorf("Unrecognised exec driver option %s\n", key)
 
 		}
 
 		}

+ 1 - 1
daemon/list.go
Ver arquivo 

@@ -246,7 +246,7 @@ func includeContainerInList(container *container.Container, ctx *listContext) it
 
 		return excludeContainer
 
 		return excludeContainer
 
 	}
 
 	}
 
 
 
-	// Do not include container if the isolation mode doesn't match
 
+	// Do not include container if isolation doesn't match
 
 	if excludeContainer == excludeByIsolation(container, ctx) {
 
 	if excludeContainer == excludeByIsolation(container, ctx) {
 
 		return excludeContainer
 
 		return excludeContainer
 
 	}
 
 	}

+ 2 - 2
runconfig/config.go
Ver arquivo 

@@ -44,8 +44,8 @@ func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostCon
 
 		return nil, nil, nil, err
 
 		return nil, nil, nil, err
 
 	}
 
 	}
 
 
 
-	// Validate the isolation level
 
-	if err := ValidateIsolationLevel(hc); err != nil {
 
+	// Validate isolation
 
+	if err := ValidateIsolation(hc); err != nil {
 
 		return nil, nil, nil, err
 
 		return nil, nil, nil, err
 
 	}
 
 	}
 
 	return w.Config, hc, w.NetworkingConfig, nil
 
 	return w.Config, hc, w.NetworkingConfig, nil

+ 19 - 6
runconfig/config_test.go
Ver arquivo 

@@ -65,7 +65,7 @@ func TestDecodeContainerConfig(t *testing.T) {
 
 	}
 
 	}
 
 }
 
 }
 
 
 
-// TestDecodeContainerConfigIsolation validates the isolation level passed
 
+// TestDecodeContainerConfigIsolation validates isolation passed
 
 // to the daemon in the hostConfig structure. Note this is platform specific
 
 // to the daemon in the hostConfig structure. Note this is platform specific
 
 // as to what level of container isolation is supported.
 
 // as to what level of container isolation is supported.
 
 func TestDecodeContainerConfigIsolation(t *testing.T) {
 
 func TestDecodeContainerConfigIsolation(t *testing.T) {
 
@@ -77,17 +77,30 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
 
 		}
 
 		}
 
 	}
 
 	}
 
 
 
-	// Blank isolation level (== default)
 
+	// Blank isolation (== default)
 
 	if _, _, _, err := callDecodeContainerConfigIsolation(""); err != nil {
 
 	if _, _, _, err := callDecodeContainerConfigIsolation(""); err != nil {
 
 		t.Fatal("Blank isolation should have succeeded")
 
 		t.Fatal("Blank isolation should have succeeded")
 
 	}
 
 	}
 
 
 
-	// Default isolation level
 
+	// Default isolation
 
 	if _, _, _, err := callDecodeContainerConfigIsolation("default"); err != nil {
 
 	if _, _, _, err := callDecodeContainerConfigIsolation("default"); err != nil {
 
 		t.Fatal("default isolation should have succeeded")
 
 		t.Fatal("default isolation should have succeeded")
 
 	}
 
 	}
 
 
 
-	// Hyper-V Containers isolation level (Valid on Windows only)
 
+	// Process isolation (Valid on Windows only)
 
+	if runtime.GOOS == "windows" {
 
+		if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
 
+			t.Fatal("process isolation should have succeeded")
 
+		}
 
+	} else {
 
+		if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
 
+			if !strings.Contains(err.Error(), `invalid --isolation: "process"`) {
 
+				t.Fatal(err)
 
+			}
 
+		}
 
+	}
 
+
 
+	// Hyper-V Containers isolation (Valid on Windows only)
 
 	if runtime.GOOS == "windows" {
 
 	if runtime.GOOS == "windows" {
 
 		if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil {
 
 		if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil {
 
 			t.Fatal("hyperv isolation should have succeeded")
 
 			t.Fatal("hyperv isolation should have succeeded")
 
@@ -102,7 +115,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
 
 }
 
 }
 
 
 
 // callDecodeContainerConfigIsolation is a utility function to call
 
 // callDecodeContainerConfigIsolation is a utility function to call
 
-// DecodeContainerConfig for validating isolation levels
 
+// DecodeContainerConfig for validating isolation
 
 func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
 
 func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
 
 	var (
 
 	var (
 
 		b   []byte
 
 		b   []byte
 
@@ -112,7 +125,7 @@ func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *c
 
 		Config: &container.Config{},
 
 		Config: &container.Config{},
 
 		HostConfig: &container.HostConfig{
 
 		HostConfig: &container.HostConfig{
 
 			NetworkMode: "none",
 
 			NetworkMode: "none",
 
-			Isolation:   container.IsolationLevel(isolation)},
 
+			Isolation:   container.Isolation(isolation)},
 
 	}
 
 	}
 
 	if b, err = json.Marshal(w); err != nil {
 
 	if b, err = json.Marshal(w); err != nil {
 
 		return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error())
 
 		return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error())

+ 3 - 3
runconfig/hostconfig_unix.go
Ver arquivo 

@@ -70,10 +70,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
 
 	return nil
 
 	return nil
 
 }
 
 }
 
 
 
-// ValidateIsolationLevel performs platform specific validation of the
 
-// isolation level in the hostconfig structure. Linux only supports "default"
 
+// ValidateIsolation performs platform specific validation of
 
+// isolation in the hostconfig structure. Linux only supports "default"
 
 // which is LXC container isolation
 
 // which is LXC container isolation
 
-func ValidateIsolationLevel(hc *container.HostConfig) error {
 
+func ValidateIsolation(hc *container.HostConfig) error {
 
 	// We may not be passed a host config, such as in the case of docker commit
 
 	// We may not be passed a host config, such as in the case of docker commit
 
 	if hc == nil {
 
 	if hc == nil {
 
 		return nil
 
 		return nil

+ 3 - 3
runconfig/hostconfig_windows.go
Ver arquivo 

@@ -34,10 +34,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
 
 	return nil
 
 	return nil
 
 }
 
 }
 
 
 
-// ValidateIsolationLevel performs platform specific validation of the
 
-// isolation level in the hostconfig structure. Windows supports 'default' (or
 
+// ValidateIsolation performs platform specific validation of the
 
+// isolation in the hostconfig structure. Windows supports 'default' (or
 
 // blank), 'process', or 'hyperv'.
 
 // blank), 'process', or 'hyperv'.
 
-func ValidateIsolationLevel(hc *container.HostConfig) error {
 
+func ValidateIsolation(hc *container.HostConfig) error {
 
 	// We may not be passed a host config, such as in the case of docker commit
 
 	// We may not be passed a host config, such as in the case of docker commit
 
 	if hc == nil {
 
 	if hc == nil {
 
 		return nil
 
 		return nil

+ 2 - 2
runconfig/opts/parse.go
Ver arquivo 

@@ -91,7 +91,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host
 
 		flCgroupParent      = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
 
 		flCgroupParent      = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
 
 		flVolumeDriver      = cmd.String([]string{"-volume-driver"}, "", "Optional volume driver for the container")
 
 		flVolumeDriver      = cmd.String([]string{"-volume-driver"}, "", "Optional volume driver for the container")
 
 		flStopSignal        = cmd.String([]string{"-stop-signal"}, signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal))
 
 		flStopSignal        = cmd.String([]string{"-stop-signal"}, signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal))
 
-		flIsolation         = cmd.String([]string{"-isolation"}, "", "Container isolation level")
 
+		flIsolation         = cmd.String([]string{"-isolation"}, "", "Container isolation technology")
 
 		flShmSize           = cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB")
 
 		flShmSize           = cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB")
 
 	)
 
 	)
 
 
 
@@ -408,7 +408,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host
 
 		ReadonlyRootfs: *flReadonlyRootfs,
 
 		ReadonlyRootfs: *flReadonlyRootfs,
 
 		LogConfig:      container.LogConfig{Type: *flLoggingDriver, Config: loggingOpts},
 
 		LogConfig:      container.LogConfig{Type: *flLoggingDriver, Config: loggingOpts},
 
 		VolumeDriver:   *flVolumeDriver,
 
 		VolumeDriver:   *flVolumeDriver,
 
-		Isolation:      container.IsolationLevel(*flIsolation),
 
+		Isolation:      container.Isolation(*flIsolation),
 
 		ShmSize:        shmSize,
 
 		ShmSize:        shmSize,
 
 		Resources:      resources,
 
 		Resources:      resources,
 
 		Tmpfs:          tmpfs,
 
 		Tmpfs:          tmpfs,

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5