2018-02-05 21:05:59 +00:00
|
|
|
package daemon // import "github.com/docker/docker/daemon"
|
2016-05-24 15:49:26 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
2016-12-05 16:56:42 +00:00
|
|
|
"os"
|
2016-05-24 15:49:26 +00:00
|
|
|
"path/filepath"
|
2017-08-04 18:39:23 +00:00
|
|
|
"runtime"
|
2016-05-24 15:49:26 +00:00
|
|
|
"time"
|
|
|
|
|
|
2016-09-06 18:18:12 +00:00
|
|
|
containertypes "github.com/docker/docker/api/types/container"
|
|
|
|
|
"github.com/docker/docker/api/types/strslice"
|
2016-05-24 15:49:26 +00:00
|
|
|
"github.com/docker/docker/container"
|
2022-08-17 21:13:49 +00:00
|
|
|
"github.com/docker/docker/daemon/config"
|
2016-05-24 15:49:26 +00:00
|
|
|
"github.com/docker/docker/daemon/network"
|
2018-01-11 19:53:06 +00:00
|
|
|
"github.com/docker/docker/errdefs"
|
2016-05-24 15:49:26 +00:00
|
|
|
"github.com/docker/docker/image"
|
2018-12-16 15:11:37 +00:00
|
|
|
"github.com/docker/docker/oci/caps"
|
2016-12-23 19:09:12 +00:00
|
|
|
"github.com/docker/docker/opts"
|
2016-05-27 09:32:26 +00:00
|
|
|
"github.com/docker/docker/pkg/system"
|
2017-02-01 02:03:51 +00:00
|
|
|
"github.com/docker/docker/runconfig"
|
2018-04-17 20:50:28 +00:00
|
|
|
volumemounts "github.com/docker/docker/volume/mounts"
|
2016-05-27 09:32:26 +00:00
|
|
|
"github.com/docker/go-connections/nat"
|
2021-07-09 22:11:57 +00:00
|
|
|
"github.com/moby/sys/signal"
|
2020-05-05 13:35:03 +00:00
|
|
|
"github.com/opencontainers/selinux/go-selinux"
|
2017-07-19 14:20:13 +00:00
|
|
|
"github.com/pkg/errors"
|
2018-12-18 22:17:23 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2016-05-24 15:49:26 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// GetContainer looks for a container using the provided information, which could be
|
|
|
|
|
// one of the following inputs from the caller:
|
2022-07-08 16:27:07 +00:00
|
|
|
// - A full container ID, which will exact match a container in daemon's list
|
|
|
|
|
// - A container name, which will only exact match via the GetByName() function
|
|
|
|
|
// - A partial container ID prefix (e.g. short ID) of any length that is
|
|
|
|
|
// unique enough to only return a single container object
|
|
|
|
|
// If none of these searches succeed, an error is returned
|
2016-05-24 15:49:26 +00:00
|
|
|
func (daemon *Daemon) GetContainer(prefixOrName string) (*container.Container, error) {
|
|
|
|
|
if len(prefixOrName) == 0 {
|
2017-07-19 14:20:13 +00:00
|
|
|
return nil, errors.WithStack(invalidIdentifier(prefixOrName))
|
2016-05-24 15:49:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if containerByID := daemon.containers.Get(prefixOrName); containerByID != nil {
|
|
|
|
|
// prefix is an exact match to a full container ID
|
|
|
|
|
return containerByID, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetByName will match only an exact name provided; we ignore errors
|
|
|
|
|
if containerByName, _ := daemon.GetByName(prefixOrName); containerByName != nil {
|
|
|
|
|
// prefix is an exact match to a full container Name
|
|
|
|
|
return containerByName, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-08 11:12:30 +00:00
|
|
|
containerID, err := daemon.containersReplica.GetByPrefix(prefixOrName)
|
|
|
|
|
if err != nil {
|
2022-07-08 11:23:01 +00:00
|
|
|
return nil, err
|
2016-05-24 15:49:26 +00:00
|
|
|
}
|
2022-12-12 19:39:10 +00:00
|
|
|
ctr := daemon.containers.Get(containerID)
|
|
|
|
|
if ctr == nil {
|
|
|
|
|
// Updates to the daemon.containersReplica ViewDB are not atomic
|
|
|
|
|
// or consistent w.r.t. the live daemon.containers Store so
|
|
|
|
|
// while reaching this code path may be indicative of a bug,
|
|
|
|
|
// it is not _necessarily_ the case.
|
|
|
|
|
logrus.WithField("prefixOrName", prefixOrName).
|
|
|
|
|
WithField("id", containerID).
|
|
|
|
|
Debugf("daemon.GetContainer: container is known to daemon.containersReplica but not daemon.containers")
|
|
|
|
|
return nil, containerNotFound(prefixOrName)
|
|
|
|
|
}
|
|
|
|
|
return ctr, nil
|
2016-05-24 15:49:26 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-28 10:11:48 +00:00
|
|
|
// checkContainer make sure the specified container validates the specified conditions
|
|
|
|
|
func (daemon *Daemon) checkContainer(container *container.Container, conditions ...func(*container.Container) error) error {
|
|
|
|
|
for _, condition := range conditions {
|
|
|
|
|
if err := condition(container); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-24 15:49:26 +00:00
|
|
|
// Exists returns a true if a container of the specified ID or name exists,
|
|
|
|
|
// false otherwise.
|
|
|
|
|
func (daemon *Daemon) Exists(id string) bool {
|
|
|
|
|
c, _ := daemon.GetContainer(id)
|
|
|
|
|
return c != nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// IsPaused returns a bool indicating if the specified container is paused.
|
|
|
|
|
func (daemon *Daemon) IsPaused(id string) bool {
|
|
|
|
|
c, _ := daemon.GetContainer(id)
|
|
|
|
|
return c.State.IsPaused()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (daemon *Daemon) containerRoot(id string) string {
|
|
|
|
|
return filepath.Join(daemon.repository, id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Load reads the contents of a container from disk
|
|
|
|
|
// This is typically done at startup.
|
|
|
|
|
func (daemon *Daemon) load(id string) (*container.Container, error) {
|
2019-08-09 12:10:07 +00:00
|
|
|
ctr := daemon.newBaseContainer(id)
|
2016-05-24 15:49:26 +00:00
|
|
|
|
2019-08-09 12:10:07 +00:00
|
|
|
if err := ctr.FromDisk(); err != nil {
|
2016-05-24 15:49:26 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-05-05 13:35:03 +00:00
|
|
|
selinux.ReserveLabel(ctr.ProcessLabel)
|
2016-05-24 15:49:26 +00:00
|
|
|
|
2019-08-09 12:10:07 +00:00
|
|
|
if ctr.ID != id {
|
|
|
|
|
return ctr, fmt.Errorf("Container %s is stored at %s", ctr.ID, id)
|
2016-05-24 15:49:26 +00:00
|
|
|
}
|
|
|
|
|
|
2019-08-09 12:10:07 +00:00
|
|
|
return ctr, nil
|
2016-05-24 15:49:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Register makes a container object usable by the daemon as <container.ID>
|
2017-02-22 22:02:20 +00:00
|
|
|
func (daemon *Daemon) Register(c *container.Container) error {
|
2016-05-24 15:49:26 +00:00
|
|
|
// Attach to stdout and stderr
|
|
|
|
|
if c.Config.OpenStdin {
|
2016-11-14 20:15:09 +00:00
|
|
|
c.StreamConfig.NewInputPipes()
|
2016-05-24 15:49:26 +00:00
|
|
|
} else {
|
2016-11-14 20:15:09 +00:00
|
|
|
c.StreamConfig.NewNopInputPipe()
|
2016-05-24 15:49:26 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-22 22:02:20 +00:00
|
|
|
// once in the memory store it is visible to other goroutines
|
2017-02-23 23:12:18 +00:00
|
|
|
// grab a Lock until it has been checkpointed to avoid races
|
2017-02-22 22:02:20 +00:00
|
|
|
c.Lock()
|
|
|
|
|
defer c.Unlock()
|
|
|
|
|
|
2016-05-24 15:49:26 +00:00
|
|
|
daemon.containers.Add(c.ID, c)
|
2017-02-23 23:12:18 +00:00
|
|
|
return c.CheckpointTo(daemon.containersReplica)
|
2016-05-24 15:49:26 +00:00
|
|
|
}
|
|
|
|
|
|
2017-08-08 19:43:48 +00:00
|
|
|
func (daemon *Daemon) newContainer(name string, operatingSystem string, config *containertypes.Config, hostConfig *containertypes.HostConfig, imgID image.ID, managed bool) (*container.Container, error) {
|
2016-05-24 15:49:26 +00:00
|
|
|
var (
|
|
|
|
|
id string
|
|
|
|
|
err error
|
|
|
|
|
noExplicitName = name == ""
|
|
|
|
|
)
|
|
|
|
|
id, name, err = daemon.generateIDAndName(name)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-05 16:56:42 +00:00
|
|
|
if hostConfig.NetworkMode.IsHost() {
|
|
|
|
|
if config.Hostname == "" {
|
|
|
|
|
config.Hostname, err = os.Hostname()
|
|
|
|
|
if err != nil {
|
2017-11-29 04:09:37 +00:00
|
|
|
return nil, errdefs.System(err)
|
2016-12-05 16:56:42 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
daemon.generateHostname(id, config)
|
|
|
|
|
}
|
2016-05-24 15:49:26 +00:00
|
|
|
entrypoint, args := daemon.getEntrypointAndArgs(config.Entrypoint, config.Cmd)
|
|
|
|
|
|
|
|
|
|
base := daemon.newBaseContainer(id)
|
|
|
|
|
base.Created = time.Now().UTC()
|
2016-06-14 02:52:49 +00:00
|
|
|
base.Managed = managed
|
2016-05-24 15:49:26 +00:00
|
|
|
base.Path = entrypoint
|
2019-11-27 14:43:53 +00:00
|
|
|
base.Args = args // FIXME: de-duplicate from config
|
2016-05-24 15:49:26 +00:00
|
|
|
base.Config = config
|
|
|
|
|
base.HostConfig = &containertypes.HostConfig{}
|
|
|
|
|
base.ImageID = imgID
|
|
|
|
|
base.NetworkSettings = &network.Settings{IsAnonymousEndpoint: noExplicitName}
|
|
|
|
|
base.Name = name
|
2022-08-09 15:03:50 +00:00
|
|
|
base.Driver = daemon.imageService.StorageDriver()
|
2017-08-08 19:43:48 +00:00
|
|
|
base.OS = operatingSystem
|
2016-05-24 15:49:26 +00:00
|
|
|
return base, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetByName returns a container given a name.
|
|
|
|
|
func (daemon *Daemon) GetByName(name string) (*container.Container, error) {
|
|
|
|
|
if len(name) == 0 {
|
|
|
|
|
return nil, fmt.Errorf("No container name supplied")
|
|
|
|
|
}
|
|
|
|
|
fullName := name
|
|
|
|
|
if name[0] != '/' {
|
|
|
|
|
fullName = "/" + name
|
|
|
|
|
}
|
2017-06-30 01:56:22 +00:00
|
|
|
id, err := daemon.containersReplica.Snapshot().GetID(fullName)
|
2016-05-24 15:49:26 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("Could not find entity for %s", name)
|
|
|
|
|
}
|
|
|
|
|
e := daemon.containers.Get(id)
|
|
|
|
|
if e == nil {
|
|
|
|
|
return nil, fmt.Errorf("Could not find container for entity id %s", id)
|
|
|
|
|
}
|
|
|
|
|
return e, nil
|
|
|
|
|
}
|
2016-05-27 09:32:26 +00:00
|
|
|
|
|
|
|
|
// newBaseContainer creates a new container with its initial
|
|
|
|
|
// configuration based on the root storage from the daemon.
|
|
|
|
|
func (daemon *Daemon) newBaseContainer(id string) *container.Container {
|
|
|
|
|
return container.NewBaseContainer(id, daemon.containerRoot(id))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (daemon *Daemon) getEntrypointAndArgs(configEntrypoint strslice.StrSlice, configCmd strslice.StrSlice) (string, []string) {
|
|
|
|
|
if len(configEntrypoint) != 0 {
|
|
|
|
|
return configEntrypoint[0], append(configEntrypoint[1:], configCmd...)
|
|
|
|
|
}
|
|
|
|
|
return configCmd[0], configCmd[1:]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (daemon *Daemon) generateHostname(id string, config *containertypes.Config) {
|
|
|
|
|
// Generate default hostname
|
|
|
|
|
if config.Hostname == "" {
|
|
|
|
|
config.Hostname = id[:12]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-17 21:13:49 +00:00
|
|
|
func (daemon *Daemon) setSecurityOptions(cfg *config.Config, container *container.Container, hostConfig *containertypes.HostConfig) error {
|
2016-05-27 09:32:26 +00:00
|
|
|
container.Lock()
|
|
|
|
|
defer container.Unlock()
|
2022-08-17 21:13:49 +00:00
|
|
|
return daemon.parseSecurityOpt(cfg, &container.SecurityOptions, hostConfig)
|
2016-05-27 09:32:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *containertypes.HostConfig) error {
|
|
|
|
|
// Do not lock while creating volumes since this could be calling out to external plugins
|
|
|
|
|
// Don't want to block other actions, like `docker ps` because we're waiting on an external plugin
|
|
|
|
|
if err := daemon.registerMountPoints(container, hostConfig); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
container.Lock()
|
|
|
|
|
defer container.Unlock()
|
|
|
|
|
|
|
|
|
|
// Register any links from the host config before starting the container
|
|
|
|
|
if err := daemon.registerLinks(container, hostConfig); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-01 02:03:51 +00:00
|
|
|
runconfig.SetDefaultNetModeIfBlank(hostConfig)
|
2016-05-27 09:32:26 +00:00
|
|
|
container.HostConfig = hostConfig
|
2022-12-12 20:23:43 +00:00
|
|
|
return nil
|
2016-05-27 09:32:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// verifyContainerSettings performs validation of the hostconfig and config
|
|
|
|
|
// structures.
|
2022-08-17 21:13:49 +00:00
|
|
|
func (daemon *Daemon) verifyContainerSettings(daemonCfg *config.Config, hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) (warnings []string, err error) {
|
2016-05-27 09:32:26 +00:00
|
|
|
// First perform verification of settings common across all platforms.
|
2021-06-11 19:01:18 +00:00
|
|
|
if err = validateContainerConfig(config); err != nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return warnings, err
|
|
|
|
|
}
|
2021-06-11 19:01:18 +00:00
|
|
|
if err := validateHostConfig(hostConfig); err != nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return warnings, err
|
|
|
|
|
}
|
2016-05-27 09:32:26 +00:00
|
|
|
|
2018-12-19 00:28:08 +00:00
|
|
|
// Now do platform-specific verification
|
2022-08-17 21:13:49 +00:00
|
|
|
warnings, err = verifyPlatformContainerSettings(daemon, daemonCfg, hostConfig, update)
|
2018-12-19 00:28:08 +00:00
|
|
|
for _, w := range warnings {
|
|
|
|
|
logrus.Warn(w)
|
|
|
|
|
}
|
|
|
|
|
return warnings, err
|
|
|
|
|
}
|
2016-05-27 09:32:26 +00:00
|
|
|
|
2021-06-11 19:01:18 +00:00
|
|
|
func validateContainerConfig(config *containertypes.Config) error {
|
2018-12-19 00:28:08 +00:00
|
|
|
if config == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2021-06-11 19:01:18 +00:00
|
|
|
if err := translateWorkingDir(config); err != nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(config.StopSignal) > 0 {
|
|
|
|
|
if _, err := signal.ParseSignal(config.StopSignal); err != nil {
|
|
|
|
|
return err
|
2016-11-05 18:53:54 +00:00
|
|
|
}
|
2018-12-19 00:28:08 +00:00
|
|
|
}
|
|
|
|
|
// Validate if Env contains empty variable or not (e.g., ``, `=foo`)
|
|
|
|
|
for _, env := range config.Env {
|
|
|
|
|
if _, err := opts.ValidateEnv(env); err != nil {
|
|
|
|
|
return err
|
2017-01-17 07:55:45 +00:00
|
|
|
}
|
2016-05-27 09:32:26 +00:00
|
|
|
}
|
2018-12-19 00:28:08 +00:00
|
|
|
return validateHealthCheck(config.Healthcheck)
|
|
|
|
|
}
|
2016-05-27 09:32:26 +00:00
|
|
|
|
2021-06-11 19:01:18 +00:00
|
|
|
func validateHostConfig(hostConfig *containertypes.HostConfig) error {
|
2016-05-27 09:32:26 +00:00
|
|
|
if hostConfig == nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return nil
|
2016-05-27 09:32:26 +00:00
|
|
|
}
|
2018-02-09 08:03:08 +00:00
|
|
|
|
2016-03-01 16:30:27 +00:00
|
|
|
if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
|
2018-12-19 00:28:08 +00:00
|
|
|
return errors.Errorf("can't create 'AutoRemove' container with restart policy")
|
2016-03-01 16:30:27 +00:00
|
|
|
}
|
2017-12-19 10:44:29 +00:00
|
|
|
// Validate mounts; check if host directories still exist
|
2021-06-11 19:01:18 +00:00
|
|
|
parser := volumemounts.NewParser()
|
2021-04-16 15:21:26 +00:00
|
|
|
for _, c := range hostConfig.Mounts {
|
|
|
|
|
cfg := c
|
2017-12-19 10:44:29 +00:00
|
|
|
if err := parser.ValidateMountConfig(&cfg); err != nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return err
|
2017-12-19 10:44:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
2017-02-27 13:21:10 +00:00
|
|
|
for _, extraHost := range hostConfig.ExtraHosts {
|
|
|
|
|
if _, err := opts.ValidateExtraHost(extraHost); err != nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return err
|
2017-02-27 13:21:10 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-12-19 00:13:54 +00:00
|
|
|
if err := validatePortBindings(hostConfig.PortBindings); err != nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return err
|
2016-05-27 09:32:26 +00:00
|
|
|
}
|
2018-12-19 00:12:08 +00:00
|
|
|
if err := validateRestartPolicy(hostConfig.RestartPolicy); err != nil {
|
2018-12-19 00:28:08 +00:00
|
|
|
return err
|
2016-06-28 22:33:55 +00:00
|
|
|
}
|
2018-12-16 15:11:37 +00:00
|
|
|
if err := validateCapabilities(hostConfig); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2017-11-14 13:36:25 +00:00
|
|
|
if !hostConfig.Isolation.IsValid() {
|
2018-12-19 00:28:08 +00:00
|
|
|
return errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
|
2017-11-15 14:44:49 +00:00
|
|
|
}
|
2023-02-17 20:06:19 +00:00
|
|
|
for k := range hostConfig.Annotations {
|
|
|
|
|
if k == "" {
|
|
|
|
|
return errors.Errorf("invalid Annotations: the empty string is not permitted as an annotation key")
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-12-19 00:28:08 +00:00
|
|
|
return nil
|
2016-05-27 09:32:26 +00:00
|
|
|
}
|
2018-12-19 00:09:06 +00:00
|
|
|
|
2018-12-16 15:11:37 +00:00
|
|
|
func validateCapabilities(hostConfig *containertypes.HostConfig) error {
|
|
|
|
|
if _, err := caps.NormalizeLegacyCapabilities(hostConfig.CapAdd); err != nil {
|
|
|
|
|
return errors.Wrap(err, "invalid CapAdd")
|
|
|
|
|
}
|
|
|
|
|
if _, err := caps.NormalizeLegacyCapabilities(hostConfig.CapDrop); err != nil {
|
|
|
|
|
return errors.Wrap(err, "invalid CapDrop")
|
|
|
|
|
}
|
|
|
|
|
// TODO consider returning warnings if "Privileged" is combined with Capabilities, CapAdd and/or CapDrop
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-19 00:09:06 +00:00
|
|
|
// validateHealthCheck validates the healthcheck params of Config
|
|
|
|
|
func validateHealthCheck(healthConfig *containertypes.HealthConfig) error {
|
|
|
|
|
if healthConfig == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
if healthConfig.Interval != 0 && healthConfig.Interval < containertypes.MinimumDuration {
|
|
|
|
|
return errors.Errorf("Interval in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
|
|
|
|
|
}
|
|
|
|
|
if healthConfig.Timeout != 0 && healthConfig.Timeout < containertypes.MinimumDuration {
|
|
|
|
|
return errors.Errorf("Timeout in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
|
|
|
|
|
}
|
|
|
|
|
if healthConfig.Retries < 0 {
|
|
|
|
|
return errors.Errorf("Retries in Healthcheck cannot be negative")
|
|
|
|
|
}
|
|
|
|
|
if healthConfig.StartPeriod != 0 && healthConfig.StartPeriod < containertypes.MinimumDuration {
|
|
|
|
|
return errors.Errorf("StartPeriod in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2018-12-19 00:12:08 +00:00
|
|
|
|
2018-12-19 00:13:54 +00:00
|
|
|
func validatePortBindings(ports nat.PortMap) error {
|
|
|
|
|
for port := range ports {
|
|
|
|
|
_, portStr := nat.SplitProtoPort(string(port))
|
|
|
|
|
if _, err := nat.ParsePort(portStr); err != nil {
|
|
|
|
|
return errors.Errorf("invalid port specification: %q", portStr)
|
|
|
|
|
}
|
|
|
|
|
for _, pb := range ports[port] {
|
|
|
|
|
_, err := nat.NewPort(nat.SplitProtoPort(pb.HostPort))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Errorf("invalid port specification: %q", pb.HostPort)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-19 00:12:08 +00:00
|
|
|
func validateRestartPolicy(policy containertypes.RestartPolicy) error {
|
|
|
|
|
switch policy.Name {
|
|
|
|
|
case "always", "unless-stopped", "no":
|
|
|
|
|
if policy.MaximumRetryCount != 0 {
|
|
|
|
|
return errors.Errorf("maximum retry count cannot be used with restart policy '%s'", policy.Name)
|
|
|
|
|
}
|
|
|
|
|
case "on-failure":
|
|
|
|
|
if policy.MaximumRetryCount < 0 {
|
|
|
|
|
return errors.Errorf("maximum retry count cannot be negative")
|
|
|
|
|
}
|
|
|
|
|
case "":
|
|
|
|
|
// do nothing
|
|
|
|
|
return nil
|
|
|
|
|
default:
|
|
|
|
|
return errors.Errorf("invalid restart policy '%s'", policy.Name)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2018-12-19 00:16:31 +00:00
|
|
|
|
|
|
|
|
// translateWorkingDir translates the working-dir for the target platform,
|
|
|
|
|
// and returns an error if the given path is not an absolute path.
|
2021-06-11 19:01:18 +00:00
|
|
|
func translateWorkingDir(config *containertypes.Config) error {
|
2018-12-19 00:16:31 +00:00
|
|
|
if config.WorkingDir == "" {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2021-06-11 19:01:18 +00:00
|
|
|
wd := filepath.FromSlash(config.WorkingDir) // Ensure in platform semantics
|
|
|
|
|
if !system.IsAbs(wd) {
|
|
|
|
|
return fmt.Errorf("the working directory '%s' is invalid, it needs to be an absolute path", config.WorkingDir)
|
2018-12-19 00:16:31 +00:00
|
|
|
}
|
|
|
|
|
config.WorkingDir = wd
|
|
|
|
|
return nil
|
|
|
|
|
}
|
