Merge pull request moby#4 from xmj/freebsd-compat

Continue FreeBSD WIP
tussennet · Jan 2, 2018 · 969c6fd · 969c6fd
2 parents 52d67c9 + bbbc108
commit 969c6fd
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 41 deletions.
diff --git a/daemon/daemon_freebsd.go b/daemon/daemon_freebsd.go
@@ -35,3 +35,11 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) {
 func (daemon *Daemon) initCgroupsPath(path string) error {
     return nil
 }
+
+func (daemon *Daemon) setupSeccompProfile() error {
+	return nil
+}
+
+func setupDaemonProcess(config *config.Config) error {
+	return nil
+}
diff --git a/daemon/daemon_linux.go b/daemon/daemon_linux.go
@@ -15,6 +15,7 @@ import (
 	"github.com/golang/protobuf/ptypes"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/vishvananda/netlink"
+	rsystem "github.com/opencontainers/runc/libcontainer/system"
 )
 
 // On Linux, plugins use a static path for storing execution state,
@@ -326,3 +327,43 @@ func (daemon *Daemon) initCgroupsPath(path string) error {
 	}
 	return nil
 }
+
+// setupDaemonProcess sets various settings for the daemon's process
+func setupDaemonProcess(config *config.Config) error {
+	// setup the daemons oom_score_adj
+	return setupOOMScoreAdj(config.OOMScoreAdjust)
+}
+
+func setupOOMScoreAdj(score int) error {
+	f, err := os.OpenFile("/proc/self/oom_score_adj", os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	stringScore := strconv.Itoa(score)
+	_, err = f.WriteString(stringScore)
+	if os.IsPermission(err) {
+		// Setting oom_score_adj does not work in an
+		// unprivileged container. Ignore the error, but log
+		// it if we appear not to be in that situation.
+		if !rsystem.RunningInUserNS() {
+			logrus.Debugf("Permission denied writing %q to /proc/self/oom_score_adj", stringScore)
+		}
+		return nil
+	}
+
+	return err
+}
+
+func (daemon *Daemon) setupSeccompProfile() error {
+	if daemon.configStore.SeccompProfile != "" {
+		daemon.seccompProfilePath = daemon.configStore.SeccompProfile
+		b, err := ioutil.ReadFile(daemon.configStore.SeccompProfile)
+		if err != nil {
+			return fmt.Errorf("opening seccomp profile (%s) failed: %v", daemon.configStore.SeccompProfile, err)
+		}
+		daemon.seccompProfile = b
+	}
+	return nil
+}
+
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
@@ -36,7 +36,6 @@ import (
 	"github.com/docker/libnetwork/netlabel"
 	"github.com/docker/libnetwork/options"
 	"github.com/opencontainers/runc/libcontainer/label"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -1021,33 +1020,6 @@ func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
 	}
 }
 
-// setupDaemonProcess sets various settings for the daemon's process
-func setupDaemonProcess(config *config.Config) error {
-	// setup the daemons oom_score_adj
-	return setupOOMScoreAdj(config.OOMScoreAdjust)
-}
-
-func setupOOMScoreAdj(score int) error {
-	f, err := os.OpenFile("/proc/self/oom_score_adj", os.O_WRONLY, 0)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	stringScore := strconv.Itoa(score)
-	_, err = f.WriteString(stringScore)
-	if os.IsPermission(err) {
-		// Setting oom_score_adj does not work in an
-		// unprivileged container. Ignore the error, but log
-		// it if we appear not to be in that situation.
-		if !rsystem.RunningInUserNS() {
-			logrus.Debugf("Permission denied writing %q to /proc/self/oom_score_adj", stringScore)
-		}
-		return nil
-	}
-
-	return err
-}
-
 func maybeCreateCPURealTimeFile(sysinfoPresent bool, configValue int64, file string, path string) error {
 	if sysinfoPresent && configValue != 0 {
 		if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
@@ -1060,14 +1032,3 @@ func maybeCreateCPURealTimeFile(sysinfoPresent bool, configValue int64, file str
 	return nil
 }
 
-func (daemon *Daemon) setupSeccompProfile() error {
-	if daemon.configStore.SeccompProfile != "" {
-		daemon.seccompProfilePath = daemon.configStore.SeccompProfile
-		b, err := ioutil.ReadFile(daemon.configStore.SeccompProfile)
-		if err != nil {
-			return fmt.Errorf("opening seccomp profile (%s) failed: %v", daemon.configStore.SeccompProfile, err)
-		}
-		daemon.seccompProfile = b
-	}
-	return nil
-}
diff --git a/pkg/parsers/operatingsystem/operatingsystem_freebsd.go b/pkg/parsers/operatingsystem/operatingsystem_freebsd.go
@@ -0,0 +1,31 @@
+// +build freebsd
+
+package operatingsystem
+
+import (
+	"errors"
+	"os/exec"
+	"syscall"
+)
+
+// GetOperatingSystem gets the name of the current operating system.
+func GetOperatingSystem() (string, error) {
+	cmd := exec.Command("uname", "-s")
+	osName, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+	return string(osName), nil
+}
+
+// IsContainerized returns true if we are running inside a container.
+func IsContainerized() (bool, error) {
+	jailed, err := syscall.Sysctl("security.jail.jailed")
+	if err != nil {
+		return false, errors.New("Cannot detect if we are in a jail")
+	}
+	if jailed[0] == 1 {
+		return true, nil
+	}
+	return false, nil
+}
diff --git a/pkg/parsers/operatingsystem/operatingsystem_unix.go b/pkg/parsers/operatingsystem/operatingsystem_unix.go
@@ -1,4 +1,4 @@
-// +build freebsd darwin
+// +build darwin
 
 package operatingsystem
 
@@ -20,6 +20,5 @@ func GetOperatingSystem() (string, error) {
 // IsContainerized returns true if we are running inside a container.
 // No-op on FreeBSD and Darwin, always returns false.
 func IsContainerized() (bool, error) {
-	// TODO: Implement jail detection for freeBSD
 	return false, errors.New("Cannot detect if we are in container")
 }