@@ -657,16 +657,16 @@ func postContainersCreate(srv *Server, version float64, w http.ResponseWriter, r

 	for scanner.Scan() {

 		out.Warnings = append(out.Warnings, scanner.Text())

 	}

-	if job.GetenvInt("Memory") > 0 && !srv.runtime.capabilities.MemoryLimit {

+	if job.GetenvInt("Memory") > 0 && !srv.runtime.sysInfo.MemoryLimit {

 		log.Println("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.")

 		out.Warnings = append(out.Warnings, "Your kernel does not support memory limit capabilities. Limitation discarded.")

 	}

-	if job.GetenvInt("Memory") > 0 && !srv.runtime.capabilities.SwapLimit {

+	if job.GetenvInt("Memory") > 0 && !srv.runtime.sysInfo.SwapLimit {

 		log.Println("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.")

 		out.Warnings = append(out.Warnings, "Your kernel does not support memory swap capabilities. Limitation discarded.")

 	}

-	if !job.GetenvBool("NetworkDisabled") && srv.runtime.capabilities.IPv4ForwardingDisabled {

+	if !job.GetenvBool("NetworkDisabled") && srv.runtime.sysInfo.IPv4ForwardingDisabled {

 		log.Println("Warning: IPv4 forwarding is disabled.")

 		out.Warnings = append(out.Warnings, "IPv4 forwarding is disabled.")

 	}

@@ -12,6 +12,7 @@ import (

 	"github.com/dotcloud/docker/auth"

 	"github.com/dotcloud/docker/engine"

 	flag "github.com/dotcloud/docker/pkg/mflag"

+	"github.com/dotcloud/docker/pkg/sysinfo"

 	"github.com/dotcloud/docker/pkg/term"

 	"github.com/dotcloud/docker/registry"

 	"github.com/dotcloud/docker/utils"

@@ -1745,14 +1746,14 @@ func (cli *DockerCli) CmdTag(args ...string) error {

 }

 //FIXME Only used in tests

-func ParseRun(args []string, capabilities *Capabilities) (*Config, *HostConfig, *flag.FlagSet, error) {

+func ParseRun(args []string, sysInfo *sysinfo.SysInfo) (*Config, *HostConfig, *flag.FlagSet, error) {

 	cmd := flag.NewFlagSet("run", flag.ContinueOnError)

 	cmd.SetOutput(ioutil.Discard)

 	cmd.Usage = nil

-	return parseRun(cmd, args, capabilities)

+	return parseRun(cmd, args, sysInfo)

 }

-func parseRun(cmd *flag.FlagSet, args []string, capabilities *Capabilities) (*Config, *HostConfig, *flag.FlagSet, error) {

+func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Config, *HostConfig, *flag.FlagSet, error) {

 	var (

 		// FIXME: use utils.ListOpts for attach and volumes?

 		flAttach  = NewListOpts(ValidateAttach)

@@ -1802,7 +1803,7 @@ func parseRun(cmd *flag.FlagSet, args []string, capabilities *Capabilities) (*Co

 	}

 	// Check if the kernel supports memory limit cgroup.

-	if capabilities != nil && *flMemoryString != "" && !capabilities.MemoryLimit {

+	if sysInfo != nil && *flMemoryString != "" && !sysInfo.MemoryLimit {

 		*flMemoryString = ""

 	}

@@ -1934,7 +1935,7 @@ func parseRun(cmd *flag.FlagSet, args []string, capabilities *Capabilities) (*Co

 		PublishAllPorts: *flPublishAll,

 	}

-	if capabilities != nil && flMemory > 0 && !capabilities.SwapLimit {

+	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {

 		//fmt.Fprintf(stdout, "WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")

 		config.MemorySwap = -1

 	}

@@ -527,16 +527,16 @@ func (container *Container) Start() (err error) {

 	}

 	// Make sure the config is compatible with the current kernel

-	if container.Config.Memory > 0 && !container.runtime.capabilities.MemoryLimit {

+	if container.Config.Memory > 0 && !container.runtime.sysInfo.MemoryLimit {

 		log.Printf("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n")

 		container.Config.Memory = 0

 	}

-	if container.Config.Memory > 0 && !container.runtime.capabilities.SwapLimit {

+	if container.Config.Memory > 0 && !container.runtime.sysInfo.SwapLimit {

 		log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n")

 		container.Config.MemorySwap = -1

 	}

-	if container.runtime.capabilities.IPv4ForwardingDisabled {

+	if container.runtime.sysInfo.IPv4ForwardingDisabled {

 		log.Printf("WARNING: IPv4 forwarding is disabled. Networking will not work")

 	}

@@ -1,6 +1,7 @@

 package docker

 import (

+	"github.com/dotcloud/docker/pkg/sysinfo"

 	"strings"

 	"text/template"

 )

@@ -31,7 +32,7 @@ lxc.console = none

 lxc.tty = 1

 {{if (getHostConfig .).Privileged}}

-lxc.cgroup.devices.allow = a 

+lxc.cgroup.devices.allow = a

 {{else}}

 # no implicit access to devices

 lxc.cgroup.devices.deny = a

@@ -82,7 +83,7 @@ lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts newinstanc

 lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs size=65536k,nosuid,nodev,noexec 0 0

 {{if (getHostConfig .).Privileged}}

-{{if (getCapabilities .).AppArmor}}

+{{if (getSysInfo .).AppArmor}}

 lxc.aa_profile = unconfined

 {{else}}

 #lxc.aa_profile = unconfined

@@ -129,8 +130,8 @@ func getHostConfig(container *Container) *HostConfig {

 	return container.hostConfig

 }

-func getCapabilities(container *Container) *Capabilities {

-	return container.runtime.capabilities

+func getSysInfo(container *Container) *sysinfo.SysInfo {

+	return container.runtime.sysInfo

 }

 func init() {

@@ -138,7 +139,7 @@ func init() {

 	funcMap := template.FuncMap{

 		"getMemorySwap":     getMemorySwap,

 		"getHostConfig":     getHostConfig,

-		"getCapabilities":   getCapabilities,

+		"getSysInfo":        getSysInfo,

 		"escapeFstabSpaces": escapeFstabSpaces,

 	}

 	LxcTemplateCompiled, err = template.New("lxc").Funcs(funcMap).Parse(LxcTemplate)

new file mode 100644

@@ -0,0 +1,55 @@

+package sysinfo

+

+import (

+	"github.com/dotcloud/docker/cgroups"

+	"github.com/dotcloud/docker/utils"

+	"io/ioutil"

+	"log"

+	"os"

+	"path"

+)

+

+type SysInfo struct {

+	MemoryLimit            bool

+	SwapLimit              bool

+	IPv4ForwardingDisabled bool

+	AppArmor               bool

+}

+

+func New(quiet bool) *SysInfo {

+	sysInfo := &SysInfo{}

+	if cgroupMemoryMountpoint, err := cgroups.FindCgroupMountpoint("memory"); err != nil {

+		if !quiet {

+			log.Printf("WARNING: %s\n", err)

+		}

+	} else {

+		_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))

+		_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))

+		sysInfo.MemoryLimit = err1 == nil && err2 == nil

+		if !sysInfo.MemoryLimit && !quiet {

+			log.Printf("WARNING: Your kernel does not support cgroup memory limit.")

+		}

+

+		_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))

+		sysInfo.SwapLimit = err == nil

+		if !sysInfo.SwapLimit && !quiet {

+			log.Printf("WARNING: Your kernel does not support cgroup swap limit.")

+		}

+	}

+

+	content, err3 := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward")

+	sysInfo.IPv4ForwardingDisabled = err3 != nil || len(content) == 0 || content[0] != '1'

+	if sysInfo.IPv4ForwardingDisabled && !quiet {

+		log.Printf("WARNING: IPv4 forwarding is disabled.")

+	}

+

+	// Check if AppArmor seems to be enabled on this system.

+	if _, err := os.Stat("/sys/kernel/security/apparmor"); os.IsNotExist(err) {

+		utils.Debugf("/sys/kernel/security/apparmor not found; assuming AppArmor is not enabled.")

+		sysInfo.AppArmor = false

+	} else {

+		utils.Debugf("/sys/kernel/security/apparmor found; assuming AppArmor is enabled.")

+		sysInfo.AppArmor = true

+	}

+	return sysInfo

+}

@@ -4,7 +4,6 @@ import (

 	"container/list"

 	"fmt"

 	"github.com/dotcloud/docker/archive"

-	"github.com/dotcloud/docker/cgroups"

 	"github.com/dotcloud/docker/execdriver"

 	"github.com/dotcloud/docker/execdriver/chroot"

 	"github.com/dotcloud/docker/execdriver/lxc"

@@ -13,10 +12,10 @@ import (

 	_ "github.com/dotcloud/docker/graphdriver/devmapper"

 	_ "github.com/dotcloud/docker/graphdriver/vfs"

 	"github.com/dotcloud/docker/pkg/graphdb"

+	"github.com/dotcloud/docker/pkg/sysinfo"

 	"github.com/dotcloud/docker/utils"

 	"io"

 	"io/ioutil"

-	"log"

 	"os"

 	"path"

 	"regexp"

@@ -37,13 +36,6 @@ var (

 	validContainerNamePattern = regexp.MustCompile(`^/?` + validContainerNameChars + `+$`)

 )

-type Capabilities struct {

-	MemoryLimit            bool

-	SwapLimit              bool

-	IPv4ForwardingDisabled bool

-	AppArmor               bool

-}

-

 type Runtime struct {

 	repository     string

 	sysInitPath    string

@@ -52,7 +44,7 @@ type Runtime struct {

 	graph          *Graph

 	repositories   *TagStore

 	idIndex        *utils.TruncIndex

-	capabilities   *Capabilities

+	sysInfo        *sysinfo.SysInfo

 	volumes        *Graph

 	srv            *Server

 	config         *DaemonConfig

@@ -332,44 +324,6 @@ func (runtime *Runtime) restore() error {

 	return nil

 }

-func NewRuntimeCapabilities(quiet bool) *Capabilities {

-	capabilities := &Capabilities{}

-	if cgroupMemoryMountpoint, err := cgroups.FindCgroupMountpoint("memory"); err != nil {

-		if !quiet {

-			log.Printf("WARNING: %s\n", err)

-		}

-	} else {

-		_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))

-		_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))

-		capabilities.MemoryLimit = err1 == nil && err2 == nil

-		if !capabilities.MemoryLimit && !quiet {

-			log.Printf("WARNING: Your kernel does not support cgroup memory limit.")

-		}

-

-		_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))

-		capabilities.SwapLimit = err == nil

-		if !capabilities.SwapLimit && !quiet {

-			log.Printf("WARNING: Your kernel does not support cgroup swap limit.")

-		}

-	}

-

-	content, err3 := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward")

-	capabilities.IPv4ForwardingDisabled = err3 != nil || len(content) == 0 || content[0] != '1'

-	if capabilities.IPv4ForwardingDisabled && !quiet {

-		log.Printf("WARNING: IPv4 forwarding is disabled.")

-	}

-

-	// Check if AppArmor seems to be enabled on this system.

-	if _, err := os.Stat("/sys/kernel/security/apparmor"); os.IsNotExist(err) {

-		utils.Debugf("/sys/kernel/security/apparmor not found; assuming AppArmor is not enabled.")

-		capabilities.AppArmor = false

-	} else {

-		utils.Debugf("/sys/kernel/security/apparmor found; assuming AppArmor is enabled.")

-		capabilities.AppArmor = true

-	}

-	return capabilities

-}

-

 // Create creates a new container from the given configuration with a given name.

 func (runtime *Runtime) Create(config *Config, name string) (*Container, []string, error) {

 	// Lookup image

@@ -732,7 +686,7 @@ func NewRuntimeFromDirectory(config *DaemonConfig) (*Runtime, error) {

 		sysInitPath = localCopy

 	}

-	capabilities := NewRuntimeCapabilities(false)

+	sysInfo := sysinfo.New(false)

 	/*

 		temporarilly disabled.

@@ -740,14 +694,14 @@ func NewRuntimeFromDirectory(config *DaemonConfig) (*Runtime, error) {

 	if false {

 		var ed execdriver.Driver

 		if driver := os.Getenv("EXEC_DRIVER"); driver == "lxc" {

-			ed, err = lxc.NewDriver(config.Root, capabilities.AppArmor)

+			ed, err = lxc.NewDriver(config.Root, sysInfo.AppArmor)

 		} else {

 			ed, err = chroot.NewDriver()

 		}

 		if ed != nil {

 		}

 	}

-	ed, err := lxc.NewDriver(config.Root, capabilities.AppArmor)

+	ed, err := lxc.NewDriver(config.Root, sysInfo.AppArmor)

 	if err != nil {

 		return nil, err

 	}

@@ -759,7 +713,7 @@ func NewRuntimeFromDirectory(config *DaemonConfig) (*Runtime, error) {

 		graph:          g,

 		repositories:   repositories,

 		idIndex:        utils.NewTruncIndex(),

-		capabilities:   capabilities,

+		sysInfo:        sysInfo,

 		volumes:        volumes,

 		config:         config,

 		containerGraph: graph,

@@ -516,7 +516,7 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status {

 	}

 	defer file.Body.Close()

-	config, _, _, err := ParseRun([]string{img.ID, "echo", "insert", url, path}, srv.runtime.capabilities)

+	config, _, _, err := ParseRun([]string{img.ID, "echo", "insert", url, path}, srv.runtime.sysInfo)

 	if err != nil {

 		job.Error(err)

 		return engine.StatusErr

@@ -678,9 +678,9 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {

 	v.SetInt("Images", imgcount)

 	v.Set("Driver", srv.runtime.driver.String())

 	v.SetJson("DriverStatus", srv.runtime.driver.Status())

-	v.SetBool("MemoryLimit", srv.runtime.capabilities.MemoryLimit)

-	v.SetBool("SwapLimit", srv.runtime.capabilities.SwapLimit)

-	v.SetBool("IPv4Forwarding", !srv.runtime.capabilities.IPv4ForwardingDisabled)

+	v.SetBool("MemoryLimit", srv.runtime.sysInfo.MemoryLimit)

+	v.SetBool("SwapLimit", srv.runtime.sysInfo.SwapLimit)

+	v.SetBool("IPv4Forwarding", !srv.runtime.sysInfo.IPv4ForwardingDisabled)

 	v.SetBool("Debug", os.Getenv("DEBUG") != "")

 	v.SetInt("NFd", utils.GetTotalUsedFds())

 	v.SetInt("NGoroutines", runtime.NumGoroutine())

@@ -1470,10 +1470,10 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {

 		job.Errorf("Minimum memory limit allowed is 512k")

 		return engine.StatusErr

 	}

-	if config.Memory > 0 && !srv.runtime.capabilities.MemoryLimit {

+	if config.Memory > 0 && !srv.runtime.sysInfo.MemoryLimit {

 		config.Memory = 0

 	}

-	if config.Memory > 0 && !srv.runtime.capabilities.SwapLimit {

+	if config.Memory > 0 && !srv.runtime.sysInfo.SwapLimit {

 		config.MemorySwap = -1

 	}

 	container, buildWarnings, err := srv.runtime.Create(&config, name)