Browse code
Added validation of isolation settings on daemon.verifyContainerSettings
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
Simon Ferquel authored on 2017/11/14 22:36:25Showing 3 changed files
| ... | ... |
@@ -329,6 +329,10 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta |
| 329 | 329 |
return nil, errors.Errorf("invalid restart policy '%s'", p.Name)
|
| 330 | 330 |
} |
| 331 | 331 |
|
| 332 |
+ if !hostConfig.Isolation.IsValid() {
|
|
| 333 |
+ return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
|
|
| 334 |
+ } |
|
| 335 |
+ |
|
| 332 | 336 |
// Now do platform-specific verification |
| 333 | 337 |
return verifyPlatformContainerSettings(daemon, hostConfig, config, update) |
| 334 | 338 |
} |
| ... | ... |
@@ -157,3 +157,10 @@ func TestTmpfsDevShmSizeOverride(t *testing.T) {
|
| 157 | 157 |
t.Fatal("/dev/shm not found in spec, or size option missing")
|
| 158 | 158 |
} |
| 159 | 159 |
} |
| 160 |
+ |
|
| 161 |
+func TestValidateContainerIsolationLinux(t *testing.T) {
|
|
| 162 |
+ d := Daemon{}
|
|
| 163 |
+ |
|
| 164 |
+ _, err := d.verifyContainerSettings("linux", &containertypes.HostConfig{Isolation: containertypes.IsolationHyperV}, nil, false)
|
|
| 165 |
+ assert.EqualError(t, err, "invalid isolation 'hyperv' on linux") |
|
| 166 |
+} |
| ... | ... |
@@ -4,6 +4,7 @@ import ( |
| 4 | 4 |
"io/ioutil" |
| 5 | 5 |
"os" |
| 6 | 6 |
"path/filepath" |
| 7 |
+ "runtime" |
|
| 7 | 8 |
"testing" |
| 8 | 9 |
|
| 9 | 10 |
containertypes "github.com/docker/docker/api/types/container" |
| ... | ... |
@@ -16,6 +17,7 @@ import ( |
| 16 | 16 |
"github.com/docker/docker/volume/local" |
| 17 | 17 |
"github.com/docker/docker/volume/store" |
| 18 | 18 |
"github.com/docker/go-connections/nat" |
| 19 |
+ "github.com/stretchr/testify/assert" |
|
| 19 | 20 |
) |
| 20 | 21 |
|
| 21 | 22 |
// |
| ... | ... |
@@ -302,3 +304,10 @@ func TestMerge(t *testing.T) {
|
| 302 | 302 |
} |
| 303 | 303 |
} |
| 304 | 304 |
} |
| 305 |
+ |
|
| 306 |
+func TestValidateContainerIsolation(t *testing.T) {
|
|
| 307 |
+ d := Daemon{}
|
|
| 308 |
+ |
|
| 309 |
+ _, err := d.verifyContainerSettings(runtime.GOOS, &containertypes.HostConfig{Isolation: containertypes.Isolation("invalid")}, nil, false)
|
|
| 310 |
+ assert.EqualError(t, err, "invalid isolation 'invalid' on "+runtime.GOOS) |
|
| 311 |
+} |