1e1156cf67
RHEL/CentOS 3.10 kernels report that kernel-memory accounting is supported, but it actually does not work. Runc (when compiled for those kernels) will be compiled without kernel-memory support, so even though the daemon may be reporting that it's supported, it actually is not. This cause tests to fail when testing against a daemon that's using a runc version without kmem support. For now, skip these tests based on the kernel version reported by the daemon. This should fix failures such as: ``` FAIL: /go/src/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go:499: DockerSuite.TestRunWithKernelMemory assertion failed: Command: /usr/bin/docker run --kernel-memory 50M --name test1 busybox cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes ExitCode: 0 Error: <nil> Stdout: 9223372036854771712 Stderr: WARNING: You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable. Failures: Expected stdout to contain "52428800" FAIL: /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:125: DockerSuite.TestUpdateKernelMemory /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:136: ...open /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go: no such file or directory ... obtained string = "9223372036854771712" ... expected string = "104857600" ---------------------------------------------------------------------- FAIL: /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:139: DockerSuite.TestUpdateKernelMemoryUninitialized /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:149: ...open /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go: no such file or directory ... value = nil ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
128 lines
2.8 KiB
Go
128 lines
2.8 KiB
Go
// +build !windows
|
|
|
|
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"io/ioutil"
|
|
"os/exec"
|
|
"strings"
|
|
|
|
"github.com/docker/docker/pkg/parsers/kernel"
|
|
"github.com/docker/docker/pkg/sysinfo"
|
|
)
|
|
|
|
var (
|
|
// SysInfo stores information about which features a kernel supports.
|
|
SysInfo *sysinfo.SysInfo
|
|
)
|
|
|
|
func cpuCfsPeriod() bool {
|
|
return testEnv.DaemonInfo.CPUCfsPeriod
|
|
}
|
|
|
|
func cpuCfsQuota() bool {
|
|
return testEnv.DaemonInfo.CPUCfsQuota
|
|
}
|
|
|
|
func cpuShare() bool {
|
|
return testEnv.DaemonInfo.CPUShares
|
|
}
|
|
|
|
func oomControl() bool {
|
|
return testEnv.DaemonInfo.OomKillDisable
|
|
}
|
|
|
|
func pidsLimit() bool {
|
|
return SysInfo.PidsLimit
|
|
}
|
|
|
|
func kernelMemorySupport() bool {
|
|
// TODO remove this once kmem support in RHEL kernels is fixed. See https://github.com/opencontainers/runc/pull/1921
|
|
daemonV, err := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
requiredV := kernel.VersionInfo{Kernel: 3, Major: 10}
|
|
if kernel.CompareKernelVersion(*daemonV, requiredV) < 1 {
|
|
// On Kernel 3.10 and under, don't consider kernel memory to be supported,
|
|
// even if the kernel (and thus the daemon) reports it as being supported
|
|
return false
|
|
}
|
|
return testEnv.DaemonInfo.KernelMemory
|
|
}
|
|
|
|
func memoryLimitSupport() bool {
|
|
return testEnv.DaemonInfo.MemoryLimit
|
|
}
|
|
|
|
func memoryReservationSupport() bool {
|
|
return SysInfo.MemoryReservation
|
|
}
|
|
|
|
func swapMemorySupport() bool {
|
|
return testEnv.DaemonInfo.SwapLimit
|
|
}
|
|
|
|
func memorySwappinessSupport() bool {
|
|
return testEnv.IsLocalDaemon() && SysInfo.MemorySwappiness
|
|
}
|
|
|
|
func blkioWeight() bool {
|
|
return testEnv.IsLocalDaemon() && SysInfo.BlkioWeight
|
|
}
|
|
|
|
func cgroupCpuset() bool {
|
|
return testEnv.DaemonInfo.CPUSet
|
|
}
|
|
|
|
func seccompEnabled() bool {
|
|
return supportsSeccomp && SysInfo.Seccomp
|
|
}
|
|
|
|
func bridgeNfIptables() bool {
|
|
return !SysInfo.BridgeNFCallIPTablesDisabled
|
|
}
|
|
|
|
func bridgeNfIP6tables() bool {
|
|
return !SysInfo.BridgeNFCallIP6TablesDisabled
|
|
}
|
|
|
|
func unprivilegedUsernsClone() bool {
|
|
content, err := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
|
|
return err != nil || !strings.Contains(string(content), "0")
|
|
}
|
|
|
|
func ambientCapabilities() bool {
|
|
content, err := ioutil.ReadFile("/proc/self/status")
|
|
return err != nil || strings.Contains(string(content), "CapAmb:")
|
|
}
|
|
|
|
func overlayFSSupported() bool {
|
|
cmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "/bin/sh", "-c", "cat /proc/filesystems")
|
|
out, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return bytes.Contains(out, []byte("overlay\n"))
|
|
}
|
|
|
|
func overlay2Supported() bool {
|
|
if !overlayFSSupported() {
|
|
return false
|
|
}
|
|
|
|
daemonV, err := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
requiredV := kernel.VersionInfo{Kernel: 4}
|
|
return kernel.CompareKernelVersion(*daemonV, requiredV) > -1
|
|
|
|
}
|
|
|
|
func init() {
|
|
if testEnv.IsLocalDaemon() {
|
|
SysInfo = sysinfo.New(true)
|
|
}
|
|
}
|