diff --git a/runconfig/config.go b/runconfig/config.go index 508681cfe0..43de4bb998 100644 --- a/runconfig/config.go +++ b/runconfig/config.go @@ -55,24 +55,30 @@ func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostCon // Certain parameters need daemon-side validation that cannot be done // on the client, as only the daemon knows what is valid for the platform. - if err := ValidateNetMode(w.Config, hc); err != nil { + if err := validateNetMode(w.Config, hc); err != nil { return nil, nil, nil, err } // Validate isolation - if err := ValidateIsolation(hc); err != nil { + if err := validateIsolation(hc); err != nil { return nil, nil, nil, err } // Validate QoS - if err := ValidateQoS(hc); err != nil { + if err := validateQoS(hc); err != nil { return nil, nil, nil, err } // Validate Resources - if err := ValidateResources(hc, sysinfo.New(true)); err != nil { + if err := validateResources(hc, sysinfo.New(true)); err != nil { return nil, nil, nil, err } + + // Validate Privileged + if err := validatePrivileged(hc); err != nil { + return nil, nil, nil, err + } + return w.Config, hc, w.NetworkingConfig, nil } diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go index 2fd54f6937..e8eede1505 100644 --- a/runconfig/hostconfig.go +++ b/runconfig/hostconfig.go @@ -35,9 +35,9 @@ func SetDefaultNetModeIfBlank(hc *container.HostConfig) { } } -// ValidateNetContainerMode ensures that the various combinations of requested +// validateNetContainerMode ensures that the various combinations of requested // network settings wrt container mode are valid. -func ValidateNetContainerMode(c *container.Config, hc *container.HostConfig) error { +func validateNetContainerMode(c *container.Config, hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil diff --git a/runconfig/hostconfig_solaris.go b/runconfig/hostconfig_solaris.go index 83ad32ecc7..5b6e13dc9d 100644 --- a/runconfig/hostconfig_solaris.go +++ b/runconfig/hostconfig_solaris.go @@ -16,26 +16,31 @@ func IsPreDefinedNetwork(network string) bool { return false } -// ValidateNetMode ensures that the various combinations of requested +// validateNetMode ensures that the various combinations of requested // network settings are valid. -func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { +func validateNetMode(c *container.Config, hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit return nil } -// ValidateIsolation performs platform specific validation of the +// validateIsolation performs platform specific validation of the // isolation level in the hostconfig structure. // This setting is currently discarded for Solaris so this is a no-op. -func ValidateIsolation(hc *container.HostConfig) error { +func validateIsolation(hc *container.HostConfig) error { return nil } -// ValidateQoS performs platform specific validation of the QoS settings -func ValidateQoS(hc *container.HostConfig) error { +// validateQoS performs platform specific validation of the QoS settings +func validateQoS(hc *container.HostConfig) error { return nil } -// ValidateResources performs platform specific validation of the resource settings -func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { +// validateResources performs platform specific validation of the resource settings +func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { + return nil +} + +// validatePrivileged performs platform specific validation of the Privileged setting +func validatePrivileged(hc *container.HostConfig) error { return nil } diff --git a/runconfig/hostconfig_test.go b/runconfig/hostconfig_test.go index 09aea41b7c..991ceb2d0c 100644 --- a/runconfig/hostconfig_test.go +++ b/runconfig/hostconfig_test.go @@ -276,7 +276,7 @@ func TestValidateResources(t *testing.T) { si.CPURealtimePeriod = rt.SysInfoCPURealtimePeriod si.CPURealtimeRuntime = rt.SysInfoCPURealtimeRuntime - if err := ValidateResources(&hc, &si); (err != nil) != rt.ErrorExpected { + if err := validateResources(&hc, &si); (err != nil) != rt.ErrorExpected { t.Fatal(rt.FailureMsg, err) } } diff --git a/runconfig/hostconfig_unix.go b/runconfig/hostconfig_unix.go index b65f149679..2ac1e8ef51 100644 --- a/runconfig/hostconfig_unix.go +++ b/runconfig/hostconfig_unix.go @@ -22,15 +22,15 @@ func IsPreDefinedNetwork(network string) bool { return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() || network == "ingress" } -// ValidateNetMode ensures that the various combinations of requested +// validateNetMode ensures that the various combinations of requested // network settings are valid. -func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { +func validateNetMode(c *container.Config, hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil } - err := ValidateNetContainerMode(c, hc) + err := validateNetContainerMode(c, hc) if err != nil { return err } @@ -46,10 +46,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { return nil } -// ValidateIsolation performs platform specific validation of +// validateIsolation performs platform specific validation of // isolation in the hostconfig structure. Linux only supports "default" // which is LXC container isolation -func ValidateIsolation(hc *container.HostConfig) error { +func validateIsolation(hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil @@ -60,8 +60,8 @@ func ValidateIsolation(hc *container.HostConfig) error { return nil } -// ValidateQoS performs platform specific validation of the QoS settings -func ValidateQoS(hc *container.HostConfig) error { +// validateQoS performs platform specific validation of the QoS settings +func validateQoS(hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil @@ -77,9 +77,9 @@ func ValidateQoS(hc *container.HostConfig) error { return nil } -// ValidateResources performs platform specific validation of the resource settings +// validateResources performs platform specific validation of the resource settings // cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice -func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { +func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil @@ -98,3 +98,8 @@ func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { } return nil } + +// validatePrivileged performs platform specific validation of the Privileged setting +func validatePrivileged(hc *container.HostConfig) error { + return nil +} diff --git a/runconfig/hostconfig_windows.go b/runconfig/hostconfig_windows.go index d3150ac06d..63bc7523be 100644 --- a/runconfig/hostconfig_windows.go +++ b/runconfig/hostconfig_windows.go @@ -18,14 +18,14 @@ func IsPreDefinedNetwork(network string) bool { return !container.NetworkMode(network).IsUserDefined() } -// ValidateNetMode ensures that the various combinations of requested +// validateNetMode ensures that the various combinations of requested // network settings are valid. -func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { +func validateNetMode(c *container.Config, hc *container.HostConfig) error { if hc == nil { return nil } - err := ValidateNetContainerMode(c, hc) + err := validateNetContainerMode(c, hc) if err != nil { return err } @@ -37,10 +37,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error { return nil } -// ValidateIsolation performs platform specific validation of the +// validateIsolation performs platform specific validation of the // isolation in the hostconfig structure. Windows supports 'default' (or // blank), 'process', or 'hyperv'. -func ValidateIsolation(hc *container.HostConfig) error { +func validateIsolation(hc *container.HostConfig) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil @@ -51,18 +51,17 @@ func ValidateIsolation(hc *container.HostConfig) error { return nil } -// ValidateQoS performs platform specific validation of the Qos settings -func ValidateQoS(hc *container.HostConfig) error { +// validateQoS performs platform specific validation of the Qos settings +func validateQoS(hc *container.HostConfig) error { return nil } -// ValidateResources performs platform specific validation of the resource settings -func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { +// validateResources performs platform specific validation of the resource settings +func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { // We may not be passed a host config, such as in the case of docker commit if hc == nil { return nil } - if hc.Resources.CPURealtimePeriod != 0 { return fmt.Errorf("invalid --cpu-rt-period: Windows does not support this feature") } @@ -71,3 +70,15 @@ func ValidateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { } return nil } + +// validatePrivileged performs platform specific validation of the Privileged setting +func validatePrivileged(hc *container.HostConfig) error { + // We may not be passed a host config, such as in the case of docker commit + if hc == nil { + return nil + } + if hc.Privileged { + return fmt.Errorf("invalid --privileged: Windows does not support this feature") + } + return nil +} diff --git a/runconfig/hostconfig_windows_test.go b/runconfig/hostconfig_windows_test.go new file mode 100644 index 0000000000..174a65fcb8 --- /dev/null +++ b/runconfig/hostconfig_windows_test.go @@ -0,0 +1,17 @@ +// +build windows + +package runconfig + +import ( + "testing" + + "github.com/docker/docker/api/types/container" +) + +func TestValidatePrivileged(t *testing.T) { + expected := "invalid --privileged: Windows does not support this feature" + err := validatePrivileged(&container.HostConfig{Privileged: true}) + if err == nil || err.Error() != expected { + t.Fatalf("Expected %s", expected) + } +}