Added validation of isolation settings on daemon.verifyContainerSettings
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
This commit is contained in:
parent
b4fbcd80c7
commit
e6bfe9cdcb
3 changed files with 20 additions and 0 deletions
|
@ -329,6 +329,10 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta
|
|||
return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
|
||||
}
|
||||
|
||||
if !hostConfig.Isolation.IsValid() {
|
||||
return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
|
||||
}
|
||||
|
||||
// Now do platform-specific verification
|
||||
return verifyPlatformContainerSettings(daemon, hostConfig, config, update)
|
||||
}
|
||||
|
|
|
@ -157,3 +157,10 @@ func TestTmpfsDevShmSizeOverride(t *testing.T) {
|
|||
t.Fatal("/dev/shm not found in spec, or size option missing")
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateContainerIsolationLinux(t *testing.T) {
|
||||
d := Daemon{}
|
||||
|
||||
_, err := d.verifyContainerSettings("linux", &containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
|
||||
assert.EqualError(t, err, "invalid isolation 'hyperv' on linux")
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"testing"
|
||||
|
||||
containertypes "github.com/docker/docker/api/types/container"
|
||||
|
@ -16,6 +17,7 @@ import (
|
|||
"github.com/docker/docker/volume/local"
|
||||
"github.com/docker/docker/volume/store"
|
||||
"github.com/docker/go-connections/nat"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
//
|
||||
|
@ -302,3 +304,10 @@ func TestMerge(t *testing.T) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateContainerIsolation(t *testing.T) {
|
||||
d := Daemon{}
|
||||
|
||||
_, err := d.verifyContainerSettings(runtime.GOOS, &containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
|
||||
assert.EqualError(t, err, "invalid isolation 'invalid' on "+runtime.GOOS)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue