Skip to content

Commit

Permalink
Merge pull request moby#11882 from hqhq/hq_warn_device_cg
Browse files Browse the repository at this point in the history 
add devices cgroup check as hard requirement
  • Loading branch information
@cpuguy83
cpuguy83 committed Apr 27, 2015
2 parents 1389517 + 667b1e2 commit a07e963
Showing 1 changed file with 12 additions and 10 deletions.
22 changes: 12 additions & 10 deletions pkg/sysinfo/sysinfo.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,20 +23,16 @@ func New(quiet bool) *SysInfo {
sysInfo := &SysInfo{}
if cgroupMemoryMountpoint, err := cgroups.FindCgroupMountpoint("memory"); err != nil {
if !quiet {
logrus.Warnf("%v", err)
logrus.Warnf("Your kernel does not support cgroup memory limit: %v", err)
}
} else {
_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.limit_in_bytes"))
_, err2 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.soft_limit_in_bytes"))
sysInfo.MemoryLimit = err1 == nil && err2 == nil
if !sysInfo.MemoryLimit && !quiet {
logrus.Warn("Your kernel does not support cgroup memory limit.")
}
// If memory cgroup is mounted, MemoryLimit is always enabled.
sysInfo.MemoryLimit = true

_, err = ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
sysInfo.SwapLimit = err == nil
_, err1 := ioutil.ReadFile(path.Join(cgroupMemoryMountpoint, "memory.memsw.limit_in_bytes"))
sysInfo.SwapLimit = err1 == nil
if !sysInfo.SwapLimit && !quiet {
logrus.Warn("Your kernel does not support cgroup swap limit.")
logrus.Warn("Your kernel does not support swap memory limit.")
}
}

Expand All @@ -58,5 +54,11 @@ func New(quiet bool) *SysInfo {
} else {
sysInfo.AppArmor = true
}

// Check if Devices cgroup is mounted, it is hard requirement for container security.
if _, err := cgroups.FindCgroupMountpoint("devices"); err != nil {
logrus.Fatalf("Error mounting devices cgroup: %v", err)
}

return sysInfo
}

0 comments on commit a07e963

Please sign in to comment.