diff --git a/api/client/build.go b/api/client/build.go index a594ee1b10..44e95fb95f 100644 --- a/api/client/build.go +++ b/api/client/build.go @@ -67,6 +67,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error { flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") flBuildArg := opts.NewListOpts(opts.ValidateEnv) cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables") + isolation := cmd.String([]string{"-isolation"}, "", "Container isolation level") ulimits := make(map[string]*ulimit.Ulimit) flUlimits := opts.NewUlimitOpt(&ulimits) @@ -236,6 +237,10 @@ func (cli *DockerCli) CmdBuild(args ...string) error { v.Set("pull", "1") } + if !runconfig.IsolationLevel.IsDefault(runconfig.IsolationLevel(*isolation)) { + v.Set("isolation", *isolation) + } + v.Set("cpusetcpus", *flCPUSetCpus) v.Set("cpusetmems", *flCPUSetMems) v.Set("cpushares", strconv.FormatInt(*flCPUShares, 10)) diff --git a/api/server/router/local/image.go b/api/server/router/local/image.go index d06940d63f..0bf58f310e 100644 --- a/api/server/router/local/image.go +++ b/api/server/router/local/image.go @@ -326,6 +326,13 @@ func (s *router) postBuild(ctx context.Context, w http.ResponseWriter, r *http.R buildConfig.CPUSetMems = r.FormValue("cpusetmems") buildConfig.CgroupParent = r.FormValue("cgroupparent") + if i := runconfig.IsolationLevel(r.FormValue("isolation")); i != "" { + if !runconfig.IsolationLevel.IsValid(i) { + return errf(fmt.Errorf("Unsupported isolation: %q", i)) + } + buildConfig.Isolation = i + } + var buildUlimits = []*ulimit.Ulimit{} ulimitsJSON := r.FormValue("ulimits") if ulimitsJSON != "" { diff --git a/builder/dockerfile/builder.go b/builder/dockerfile/builder.go index 9dca0507f4..0ad257de4e 100644 --- a/builder/dockerfile/builder.go +++ b/builder/dockerfile/builder.go @@ -54,6 +54,7 @@ type Config struct { ForceRemove bool Pull bool BuildArgs map[string]string // build-time args received in build context for expansion/substitution and commands in 'run'. + Isolation runconfig.IsolationLevel // resource constraints // TODO: factor out to be reused with Run ? diff --git a/builder/dockerfile/internals.go b/builder/dockerfile/internals.go index 0464766cd7..2162cfdc7c 100644 --- a/builder/dockerfile/internals.go +++ b/builder/dockerfile/internals.go @@ -514,6 +514,7 @@ func (b *Builder) create() (*daemon.Container, error) { Memory: b.Memory, MemorySwap: b.MemorySwap, Ulimits: b.Ulimits, + Isolation: b.Isolation, } config := *b.runConfig diff --git a/runconfig/parse.go b/runconfig/parse.go index 0ea7d9fd95..6c1ab51741 100644 --- a/runconfig/parse.go +++ b/runconfig/parse.go @@ -103,7 +103,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe flCgroupParent = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") flVolumeDriver = cmd.String([]string{"-volume-driver"}, "", "Optional volume driver for the container") flStopSignal = cmd.String([]string{"-stop-signal"}, signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal)) - flIsolation = cmd.String([]string{"-isolation"}, "default", "Container isolation level") + flIsolation = cmd.String([]string{"-isolation"}, "", "Container isolation level") ) cmd.Var(&flAttach, []string{"a", "-attach"}, "Attach to STDIN, STDOUT or STDERR")