Граф коммитов

60 Коммитов

Автор SHA1 Сообщение Дата
Sebastiaan van Stijn e2de212339 Merge pull request #28634 from ghostplant/check_cfg_memsw
Checking whether CG_MEM_SWAP is enabled at the moment.
2017-01-27 10:49:32 +01:00
Santhosh Manohar e475136208 Update check-config.sh to include modules for FTP/TFTP
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
2016-12-29 13:04:36 -08:00
Ian Campbell 49dcce7ba0 Caution against the use of CONFIG_LEGACY_VSYSCALL_NATIVE
It provides an ASLR-bypassing target with usable ROP gadgets.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2016-12-05 10:13:07 +00:00
Ian Campbell 163db04452 Check for LEGACY_VSYSCALL_* options
Chosing LEGACY_VSYSCALL_NONE (over NATIVE or EMULATE) will mean that binaries
using eglibc <= 2.13 will not run (segfault).

Fixes #28705.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2016-11-24 11:39:05 +00:00
cuiwei13 cd7496abb5 Checking whether CG_MEM_SWAP is enabled at the current system session
Signed-off-by: CUI Wei <ghostplant@qq.com>
2016-11-22 21:24:01 -05:00
Justin Cormack 228ee16df3 Fix check config script on 4.8 kernels
DEVPTS_MULTIPLE_INSTANCES is no longer an option, it is always set, so
do not check for this post 4.8.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-18 11:42:05 +00:00
Justin Cormack 6d116ffbbb Make the check-config script return success or failure
Although primarily a human readable script, it is quite useful
to return success or failure from this script so it can be used
as a basic test.

Fail if any check fails, including some that are optional,
other than the storage driver tests, where only one needs to
succeed, so the system has at least one workable storage driver.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-02 23:23:52 +00:00
Justin Cormack b28619046a Do not warn in check-config script about ext3 if provided by ext4
Many distributions now use ext4 to provide ext2 and ext3 support,
so do not warn about possibly missing ext3 support if the config
option is used.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-10-28 12:51:09 +01:00
Alessandro Boch 275013ce8b Update required modules for overlay dataplane encryption
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-10-11 14:06:55 -07:00
Charlie Drage 2fb2361b29 Add check for CONFIG_IP_NF_NAT to kernel check
This appears to be missing. NAT (via iptables) is required in order to
setup Docker networking.

Signed-off-by: Charlie Drage <charlie@charliedrage.com>
2016-10-04 12:14:45 -04:00
alexchen 4c74469d30 add check flag for CONFIG_NETFILTER_XT_MATCH_IPVS CONFIG_IP_VS_NFCT CONFIG_IP_VS_RR in contrib/check-config.sh
Signed-off-by: alexchen <alexchenunix@gmail.com>
2016-10-01 09:50:17 +08:00
Andrei Gherzan 1c886a70df check-config.sh: Add check for CONFIG_BTRFS_FS_POSIX_ACL
docker is trying to set system.posix_acl_access but using BTRFS this fails if
CONFIG_BTRFS_FS_POSIX_ACL is not activated.

Signed-off-by: Andrei Gherzan <andrei@resin.io>
2016-08-25 13:20:18 +01:00
Lei Jitang f5940ef725 Add IPVLAN and DUMMY to check-config.sh
This commit add DUMMY and IPVLAN to check-config.sh
because they are need for ipvlan and macvlan network
driver.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-07-07 21:21:57 -04:00
Brian Goff 9e14002ced Add ip_vs to check-config script
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-06-28 13:42:38 -04:00
Alessandro Boch c355e059cc Add modules for secure overlay network to check-config.sh
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-06-22 10:51:13 -07:00
Justin Cormack 4e2d98761d Begin a section in the check-config script to check limits
Initially this checks the kernel's maxkeys setting which is
low in some older distribution kernels, such that only 200 containers
can be created, reported in #22865.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-05-20 16:05:25 -07:00
Qiang Huang 27d7b135d4 Update check_config for MEMCG_KMEM
CONFIG_MEMCG_KMEM is removed since 4.6, it's accounted by default
since 4.6, so it's merged to CONFIG_MEMCG.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-16 13:55:24 +08:00
Qiang Huang 192387198d Add CONFIG_CFQ_GROUP_IOSCHED check
blkio.weight depends on this config.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-25 14:08:29 +08:00
Tianon Gravi c082dad637 Add "VXLAN" to check-config.sh
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2016-04-11 16:42:53 -07:00
Jessica Frazelle 69cf03700f
pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-08 07:55:01 -08:00
Alexander Morozov f5b4e1be6b Fix CONFIG_KEYS check in contrib/check-config.sh
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-01 10:01:12 -08:00
Alexander Morozov c1996c9245 Add CONFIG_KEYS to check-config.sh
We need this after opencontainers/runc#488

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-02-26 23:40:35 -08:00
Phil Estes 2355151556 Add check for RHEL7/CentOS7 experimental userns disabled
Add a check in `check-config.sh` to see if we are running on a RHEL7 or
CentOS7 system, which may report that CONFIG_USERNS is OK/enabled, but
user namespaces still won't work because of the experimental feature
flag added by Redhat.

This will add a warning if it is actually disabled and notes what has to
be added to the grub/boot command line to enable it.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2016-02-23 23:28:24 -06:00
Tianon Gravi 5c161f4e1a Update check-config.sh to use "case" instead of an associative array
This fixes Bash 3.x compatibility (where associative arrays are not available).

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2016-01-12 20:57:56 -08:00
Jessica Frazelle cde9e8bc83
update packagers.md and kernel config check
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-12-03 16:30:50 -08:00
Lei Jitang d475c4ddc1 Add user namespace check to check-chonfig.sh
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-11 17:26:34 +08:00
Lei Jitang cbb69531a8 Add CONFIG_BLK_DEV_THROTTLING to check-config.sh
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-08-19 15:11:04 +08:00
Qiang Huang 6c4d4c70c6 Adapt CONFIG_NETPRIO_CGROUP in check-config.sh
Fixes: #15572

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-08-14 14:38:48 +08:00
Qiang Huang fb85a99f58 Add some cgroup related config check
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-06-19 13:47:48 +08:00
Qiang Huang 0c4c830289 Add check config for ext3 file system
Some distros still use ext3 as default file system, we should check
these configs as well.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-06-19 13:45:07 +08:00
Qiang Huang 8bfc8102be Don't check RESOURCE_COUNTERS in new kernel
Closes: #13543

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-06-03 17:26:39 +08:00
Alexander Morozov 6cc4cf7c0c Add BRIDGE_NETFILTER to check-config.sh
It is needed to use network with --userland-proxy=false and for
--icc=false

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-05-22 10:46:55 -07:00
Alexander Morozov ceca037d05 Add optional CONFIG_BLK_CGROUP and CONFIG_IOSCHED_CFQ to check-config.sh
It is needed for blkio.weight support

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-05-22 10:41:29 -07:00
Qiang Huang 6e19912df9 Enhance check-config.sh
Currently check-config.sh just said enable or missing, when I used
a fresh kernel, made check-config.sh happy, still can't start
container. It take me days debuging kernel and Docker and finally
found it's because I enabled some CONFIGs as modules and never
loaded these modules.

So I think it's necessary to let check-config.sh told users which
configs are enabled as modules.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-15 10:20:31 +08:00
Jörg Thalheim d5151ca8ab Implement Docker on ZFS
Signed-off-by: Arthur Gautier <baloo@gandi.net>
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:48:20 +02:00
Evan Hazlett 3509132a6e Merge pull request #12301 from ewindisch/https_links
Use HTTPS links for URLs in READMEs / comments / docs
2015-04-13 14:30:53 -04:00
Eric Windisch df9ee6d656 Link to HTTPS urls in contrib comments/maintainers
Updates comments and dockerfile maintainer lines
to use HTTPS urls where applicable.

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-04-11 13:35:08 -04:00
Lei Jitang d2d583c53b Add CFS_BANDWIDTH to check-config
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-04-11 11:39:47 +08:00
Lei Jitang a9588158b5 Add MEMCG_SWAP_ENABLED to check-config.sh
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-04-02 08:38:39 +08:00
Tianon Gravi 03de73a5e0 Add CONFIG_CPUSETS to check-config.sh
See also https://bugs.gentoo.org/show_bug.cgi?id=536546:

```console
$ docker run learn/tutorial echo "hello world"
FATA[0001] Error response from daemon: Cannot start container 1d0c0ca5cc7f39a271ec40c1479a80bffb7190fab97392b3453a1fc0b2dc8e78: mountpoint for cpuset not found
```

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-03-13 09:18:10 -06:00
Jessie Frazelle 55566f2f8f Merge pull request #10418 from bobrik/overlay-kernel-checks
Checking EXT4_FS_SECURITY for overlay
2015-02-19 14:29:17 -08:00
Lei Jitang 82fda400b8 Fix check-config.sh usage
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-02-13 19:52:11 +08:00
Ian Babrou a6c6d8bb91 Checking EXT4_FS_SECURITY and EXT4_FS_POSIX_ACL for overlay
Signed-off-by: Ian Babrou <ibobrik@gmail.com>
2015-02-05 17:41:13 +03:00
Qiang Huang aac6090f2d add args support for check-config.sh
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-01-23 16:36:55 +08:00
Tianon Gravi 8803174e4f Add CONFIG_POSIX_MQUEUE to check-config.sh
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2014-12-26 14:59:25 -07:00
Lénaïc Huard d680ca5c96 Rename the overlay storage driver
so that docker is started with `docker -d -s overlay` instead of `docker -d -s overlayfs`

Signed-off-by: Lénaïc Huard <lhuard@amadeus.com>
2014-12-03 13:57:23 +01:00
Lénaïc Huard c57317893a Rename overlayfs to overlay
Since Linux 3.18-rc6, overlayfs has been renamed overlay.

This change was introduced by the following commit in linux.git:
ef94b1864d1ed5be54376404bb23d22ed0481feb ovl: rename filesystem type to "overlay"

Signed-off-by: Lénaïc Huard <lhuard@amadeus.com>
2014-12-02 10:02:59 +01:00
Tianon Gravi 54a6e6d122 Add CONFIG_OVERLAYFS_FS to check-config.sh
Also, added some slight adjustment to the AUFS_FS output/note to make it more clear what it applies to.

Example output:
```console
$ ./contrib/check-config.sh
info: reading kernel config from /proc/config.gz ...

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_DEVPTS_MULTIPLE_INSTANCES: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_MACVLAN: enabled
- CONFIG_VETH: enabled
- CONFIG_BRIDGE: enabled
- CONFIG_NF_NAT_IPV4: enabled
- CONFIG_IP_NF_FILTER: enabled
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled
- CONFIG_NF_NAT: enabled
- CONFIG_NF_NAT_NEEDED: enabled

Optional Features:
- CONFIG_MEMCG_SWAP: enabled
- CONFIG_RESOURCE_COUNTERS: enabled
- CONFIG_CGROUP_PERF: missing
- Storage Drivers:
  - "aufs":
    - CONFIG_AUFS_FS: missing
      (note that some kernels include AUFS patches but not the AUFS_FS flag)
    - CONFIG_EXT4_FS_POSIX_ACL: enabled
    - CONFIG_EXT4_FS_SECURITY: enabled
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled
  - "devicemapper":
    - CONFIG_BLK_DEV_DM: enabled
    - CONFIG_DM_THIN_PROVISIONING: enabled
    - CONFIG_EXT4_FS: enabled
    - CONFIG_EXT4_FS_POSIX_ACL: enabled
    - CONFIG_EXT4_FS_SECURITY: enabled
  - "overlayfs":
    - CONFIG_OVERLAYFS_FS: missing
```

Signed-off-by: Andrew Page <admwiggin@gmail.com>
2014-11-18 12:20:49 -07:00
Alexandr Morozov e621f99923 Add check for IP_NF_FILTER
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-11-04 14:47:13 -08:00
Sven Dowideit b7259dc6d4 It seems that we need these 2 options enabled for both aufs and devicemapper drivers when running on EXT4 - so test for them
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
2014-09-17 17:03:58 +10:00