From 3ffe69d3e45f95f01035b77d77651d218c6ab591 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Mon, 30 Nov 2015 13:10:18 +0800 Subject: [PATCH 1/2] Move security opt adaption to adapt function Signed-off-by: Qiang Huang Upstream-commit: 1415f55cc09230e19ca3110af7174baa3f5569ba Component: engine --- components/engine/daemon/create.go | 17 +++++++---------- components/engine/daemon/daemon_unix.go | 15 ++++++++++----- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/components/engine/daemon/create.go b/components/engine/daemon/create.go index 484952108a..b5522567e0 100644 --- a/components/engine/daemon/create.go +++ b/components/engine/daemon/create.go @@ -31,7 +31,13 @@ func (daemon *Daemon) ContainerCreate(params *ContainerCreateConfig) (types.Cont return types.ContainerCreateResponse{ID: "", Warnings: warnings}, err } - daemon.adaptContainerSettings(params.HostConfig, params.AdjustCPUShares) + if params.HostConfig == nil { + params.HostConfig = &runconfig.HostConfig{} + } + err = daemon.adaptContainerSettings(params.HostConfig, params.AdjustCPUShares) + if err != nil { + return types.ContainerCreateResponse{ID: "", Warnings: warnings}, err + } container, err := daemon.create(params) if err != nil { @@ -62,15 +68,6 @@ func (daemon *Daemon) create(params *ContainerCreateConfig) (retC *Container, re return nil, err } - if params.HostConfig == nil { - params.HostConfig = &runconfig.HostConfig{} - } - if params.HostConfig.SecurityOpt == nil { - params.HostConfig.SecurityOpt, err = daemon.generateSecurityOpt(params.HostConfig.IpcMode, params.HostConfig.PidMode) - if err != nil { - return nil, err - } - } if container, err = daemon.newContainer(params.Name, params.Config, imgID); err != nil { return nil, err } diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go index daddd098f3..2a4e7dcae6 100644 --- a/components/engine/daemon/daemon_unix.go +++ b/components/engine/daemon/daemon_unix.go @@ -112,11 +112,7 @@ func checkKernel() error { // adaptContainerSettings is called during container creation to modify any // settings necessary in the HostConfig structure. -func (daemon *Daemon) adaptContainerSettings(hostConfig *runconfig.HostConfig, adjustCPUShares bool) { - if hostConfig == nil { - return - } - +func (daemon *Daemon) adaptContainerSettings(hostConfig *runconfig.HostConfig, adjustCPUShares bool) error { if adjustCPUShares && hostConfig.CPUShares > 0 { // Handle unsupported CPUShares if hostConfig.CPUShares < linuxMinCPUShares { @@ -135,6 +131,15 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *runconfig.HostConfig, a shmSize := runconfig.DefaultSHMSize hostConfig.ShmSize = &shmSize } + var err error + if hostConfig.SecurityOpt == nil { + hostConfig.SecurityOpt, err = daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode) + if err != nil { + return err + } + } + + return nil } // verifyPlatformContainerSettings performs platform-specific validation of the From b52058194c2bafec34302c055e65e964cab8f9ae Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 2 Dec 2015 10:53:52 +0800 Subject: [PATCH 2/2] Set default MemorySwappiness when adapt It makes the inspect result consistent between cli and REST api when MemorySwappiness is not set. Signed-off-by: Qiang Huang Upstream-commit: 4089b4e4400d44f7c0a5b15065c70228f10ebf0c Component: engine --- components/engine/daemon/container_unix.go | 6 +----- components/engine/daemon/daemon_unix.go | 4 ++++ components/engine/daemon/daemon_windows.go | 6 ++++-- components/engine/daemon/start.go | 3 +++ .../engine/integration-cli/docker_api_containers_test.go | 4 ++-- 5 files changed, 14 insertions(+), 9 deletions(-) diff --git a/components/engine/daemon/container_unix.go b/components/engine/daemon/container_unix.go index cd2c5d22c2..54efcf6e8c 100644 --- a/components/engine/daemon/container_unix.go +++ b/components/engine/daemon/container_unix.go @@ -296,11 +296,7 @@ func (daemon *Daemon) populateCommand(c *Container, env []string) error { Rlimits: rlimits, BlkioWeightDevice: weightDevices, OomKillDisable: c.hostConfig.OomKillDisable, - MemorySwappiness: -1, - } - - if c.hostConfig.MemorySwappiness != nil { - resources.MemorySwappiness = *c.hostConfig.MemorySwappiness + MemorySwappiness: *c.hostConfig.MemorySwappiness, } processConfig := execdriver.ProcessConfig{ diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go index 2a4e7dcae6..1b76757883 100644 --- a/components/engine/daemon/daemon_unix.go +++ b/components/engine/daemon/daemon_unix.go @@ -138,6 +138,10 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *runconfig.HostConfig, a return err } } + if hostConfig.MemorySwappiness == nil { + defaultSwappiness := int64(-1) + hostConfig.MemorySwappiness = &defaultSwappiness + } return nil } diff --git a/components/engine/daemon/daemon_windows.go b/components/engine/daemon/daemon_windows.go index 2b887b98a9..d4a894d5fa 100644 --- a/components/engine/daemon/daemon_windows.go +++ b/components/engine/daemon/daemon_windows.go @@ -48,9 +48,9 @@ func checkKernel() error { // adaptContainerSettings is called during container creation to modify any // settings necessary in the HostConfig structure. -func (daemon *Daemon) adaptContainerSettings(hostConfig *runconfig.HostConfig, adjustCPUShares bool) { +func (daemon *Daemon) adaptContainerSettings(hostConfig *runconfig.HostConfig, adjustCPUShares bool) error { if hostConfig == nil { - return + return nil } if hostConfig.CPUShares < 0 { @@ -60,6 +60,8 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *runconfig.HostConfig, a logrus.Warnf("Changing requested CPUShares of %d to maximum allowed of %d", hostConfig.CPUShares, windowsMaxCPUShares) hostConfig.CPUShares = windowsMaxCPUShares } + + return nil } // verifyPlatformContainerSettings performs platform-specific validation of the diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go index a8545de122..6edc19191b 100644 --- a/components/engine/daemon/start.go +++ b/components/engine/daemon/start.go @@ -36,6 +36,9 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *runconfig.HostConf return err } container.Unlock() + if err := daemon.adaptContainerSettings(hostConfig, false); err != nil { + return err + } if err := daemon.setHostConfig(container, hostConfig); err != nil { return err } diff --git a/components/engine/integration-cli/docker_api_containers_test.go b/components/engine/integration-cli/docker_api_containers_test.go index 22e30e4b67..b1b5488822 100644 --- a/components/engine/integration-cli/docker_api_containers_test.go +++ b/components/engine/integration-cli/docker_api_containers_test.go @@ -1434,7 +1434,7 @@ func (s *DockerSuite) TestPostContainersCreateShmSizeHostConfigOmitted(c *check. var containerJSON types.ContainerJSON c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil) - c.Assert(containerJSON.HostConfig.ShmSize, check.IsNil) + c.Assert(*containerJSON.HostConfig.ShmSize, check.Equals, runconfig.DefaultSHMSize) out, _ := dockerCmd(c, "start", "-i", containerJSON.ID) shmRegexp := regexp.MustCompile(`shm on /dev/shm type tmpfs(.*)size=65536k`) @@ -1522,5 +1522,5 @@ func (s *DockerSuite) TestPostContainersCreateMemorySwappinessHostConfigOmitted( var containerJSON types.ContainerJSON c.Assert(json.Unmarshal(body, &containerJSON), check.IsNil) - c.Assert(containerJSON.HostConfig.MemorySwappiness, check.IsNil) + c.Assert(*containerJSON.HostConfig.MemorySwappiness, check.Equals, int64(-1)) }