diff --git a/vendor/BUILD b/vendor/BUILD index 0e4d98d074b..5e61adb4401 100644 --- a/vendor/BUILD +++ b/vendor/BUILD @@ -116,9 +116,8 @@ filegroup( "//vendor/github.com/docker/docker/errdefs:all-srcs", "//vendor/github.com/docker/docker/pkg/jsonmessage:all-srcs", "//vendor/github.com/docker/docker/pkg/mount:all-srcs", - "//vendor/github.com/docker/docker/pkg/parsers:all-srcs", + "//vendor/github.com/docker/docker/pkg/parsers/operatingsystem:all-srcs", "//vendor/github.com/docker/docker/pkg/stdcopy:all-srcs", - "//vendor/github.com/docker/docker/pkg/sysinfo:all-srcs", "//vendor/github.com/docker/docker/pkg/term:all-srcs", "//vendor/github.com/docker/go-connections/nat:all-srcs", "//vendor/github.com/docker/go-connections/sockets:all-srcs", diff --git a/vendor/github.com/docker/docker/pkg/parsers/BUILD b/vendor/github.com/docker/docker/pkg/parsers/BUILD deleted file mode 100644 index c9cc4340f9c..00000000000 --- a/vendor/github.com/docker/docker/pkg/parsers/BUILD +++ /dev/null @@ -1,26 +0,0 @@ -load("@io_bazel_rules_go//go:def.bzl", "go_library") - -go_library( - name = "go_default_library", - srcs = ["parsers.go"], - importmap = "k8s.io/kubernetes/vendor/github.com/docker/docker/pkg/parsers", - importpath = "github.com/docker/docker/pkg/parsers", - visibility = ["//visibility:public"], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [ - ":package-srcs", - "//vendor/github.com/docker/docker/pkg/parsers/operatingsystem:all-srcs", - ], - tags = ["automanaged"], - visibility = ["//visibility:public"], -) diff --git a/vendor/github.com/docker/docker/pkg/parsers/parsers.go b/vendor/github.com/docker/docker/pkg/parsers/parsers.go deleted file mode 100644 index 068e5248074..00000000000 --- a/vendor/github.com/docker/docker/pkg/parsers/parsers.go +++ /dev/null @@ -1,97 +0,0 @@ -// Package parsers provides helper functions to parse and validate different type -// of string. It can be hosts, unix addresses, tcp addresses, filters, kernel -// operating system versions. -package parsers // import "github.com/docker/docker/pkg/parsers" - -import ( - "fmt" - "strconv" - "strings" -) - -// ParseKeyValueOpt parses and validates the specified string as a key/value pair (key=value) -func ParseKeyValueOpt(opt string) (string, string, error) { - parts := strings.SplitN(opt, "=", 2) - if len(parts) != 2 { - return "", "", fmt.Errorf("Unable to parse key/value option: %s", opt) - } - return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil -} - -// ParseUintListMaximum parses and validates the specified string as the value -// found in some cgroup file (e.g. `cpuset.cpus`, `cpuset.mems`), which could be -// one of the formats below. Note that duplicates are actually allowed in the -// input string. It returns a `map[int]bool` with available elements from `val` -// set to `true`. Values larger than `maximum` cause an error if max is non zero, -// in order to stop the map becoming excessively large. -// Supported formats: -// 7 -// 1-6 -// 0,3-4,7,8-10 -// 0-0,0,1-7 -// 03,1-3 <- this is gonna get parsed as [1,2,3] -// 3,2,1 -// 0-2,3,1 -func ParseUintListMaximum(val string, maximum int) (map[int]bool, error) { - return parseUintList(val, maximum) -} - -// ParseUintList parses and validates the specified string as the value -// found in some cgroup file (e.g. `cpuset.cpus`, `cpuset.mems`), which could be -// one of the formats below. Note that duplicates are actually allowed in the -// input string. It returns a `map[int]bool` with available elements from `val` -// set to `true`. -// Supported formats: -// 7 -// 1-6 -// 0,3-4,7,8-10 -// 0-0,0,1-7 -// 03,1-3 <- this is gonna get parsed as [1,2,3] -// 3,2,1 -// 0-2,3,1 -func ParseUintList(val string) (map[int]bool, error) { - return parseUintList(val, 0) -} - -func parseUintList(val string, maximum int) (map[int]bool, error) { - if val == "" { - return map[int]bool{}, nil - } - - availableInts := make(map[int]bool) - split := strings.Split(val, ",") - errInvalidFormat := fmt.Errorf("invalid format: %s", val) - - for _, r := range split { - if !strings.Contains(r, "-") { - v, err := strconv.Atoi(r) - if err != nil { - return nil, errInvalidFormat - } - if maximum != 0 && v > maximum { - return nil, fmt.Errorf("value of out range, maximum is %d", maximum) - } - availableInts[v] = true - } else { - split := strings.SplitN(r, "-", 2) - min, err := strconv.Atoi(split[0]) - if err != nil { - return nil, errInvalidFormat - } - max, err := strconv.Atoi(split[1]) - if err != nil { - return nil, errInvalidFormat - } - if max < min { - return nil, errInvalidFormat - } - if maximum != 0 && max > maximum { - return nil, fmt.Errorf("value of out range, maximum is %d", maximum) - } - for i := min; i <= max; i++ { - availableInts[i] = true - } - } - } - return availableInts, nil -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/BUILD b/vendor/github.com/docker/docker/pkg/sysinfo/BUILD deleted file mode 100644 index 584f4cad173..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/BUILD +++ /dev/null @@ -1,49 +0,0 @@ -load("@io_bazel_rules_go//go:def.bzl", "go_library") - -go_library( - name = "go_default_library", - srcs = [ - "numcpu.go", - "numcpu_linux.go", - "numcpu_windows.go", - "sysinfo.go", - "sysinfo_linux.go", - "sysinfo_unix.go", - "sysinfo_windows.go", - ], - importmap = "k8s.io/kubernetes/vendor/github.com/docker/docker/pkg/sysinfo", - importpath = "github.com/docker/docker/pkg/sysinfo", - visibility = ["//visibility:public"], - deps = [ - "//vendor/github.com/docker/docker/pkg/parsers:go_default_library", - ] + select({ - "@io_bazel_rules_go//go/platform:android": [ - "//vendor/github.com/opencontainers/runc/libcontainer/cgroups:go_default_library", - "//vendor/github.com/sirupsen/logrus:go_default_library", - "//vendor/golang.org/x/sys/unix:go_default_library", - ], - "@io_bazel_rules_go//go/platform:linux": [ - "//vendor/github.com/opencontainers/runc/libcontainer/cgroups:go_default_library", - "//vendor/github.com/sirupsen/logrus:go_default_library", - "//vendor/golang.org/x/sys/unix:go_default_library", - ], - "@io_bazel_rules_go//go/platform:windows": [ - "//vendor/golang.org/x/sys/windows:go_default_library", - ], - "//conditions:default": [], - }), -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [":package-srcs"], - tags = ["automanaged"], - visibility = ["//visibility:public"], -) diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/README.md b/vendor/github.com/docker/docker/pkg/sysinfo/README.md deleted file mode 100644 index c1530cef0da..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/README.md +++ /dev/null @@ -1 +0,0 @@ -SysInfo stores information about which features a kernel supports. diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go deleted file mode 100644 index eea2d25bf94..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go +++ /dev/null @@ -1,12 +0,0 @@ -// +build !linux,!windows - -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "runtime" -) - -// NumCPU returns the number of CPUs -func NumCPU() int { - return runtime.NumCPU() -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go deleted file mode 100644 index 5f6c6df8c48..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go +++ /dev/null @@ -1,42 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "runtime" - "unsafe" - - "golang.org/x/sys/unix" -) - -// numCPU queries the system for the count of threads available -// for use to this process. -// -// Issues two syscalls. -// Returns 0 on errors. Use |runtime.NumCPU| in that case. -func numCPU() int { - // Gets the affinity mask for a process: The very one invoking this function. - pid, _, _ := unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0) - - var mask [1024 / 64]uintptr - _, _, err := unix.RawSyscall(unix.SYS_SCHED_GETAFFINITY, pid, uintptr(len(mask)*8), uintptr(unsafe.Pointer(&mask[0]))) - if err != 0 { - return 0 - } - - // For every available thread a bit is set in the mask. - ncpu := 0 - for _, e := range mask { - if e == 0 { - continue - } - ncpu += int(popcnt(uint64(e))) - } - return ncpu -} - -// NumCPU returns the number of CPUs which are currently online -func NumCPU() int { - if ncpu := numCPU(); ncpu > 0 { - return ncpu - } - return runtime.NumCPU() -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go deleted file mode 100644 index 13523f671f1..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go +++ /dev/null @@ -1,35 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "runtime" - "unsafe" - - "golang.org/x/sys/windows" -) - -var ( - kernel32 = windows.NewLazySystemDLL("kernel32.dll") - getCurrentProcess = kernel32.NewProc("GetCurrentProcess") - getProcessAffinityMask = kernel32.NewProc("GetProcessAffinityMask") -) - -func numCPU() int { - // Gets the affinity mask for a process - var mask, sysmask uintptr - currentProcess, _, _ := getCurrentProcess.Call() - ret, _, _ := getProcessAffinityMask.Call(currentProcess, uintptr(unsafe.Pointer(&mask)), uintptr(unsafe.Pointer(&sysmask))) - if ret == 0 { - return 0 - } - // For every available thread a bit is set in the mask. - ncpu := int(popcnt(uint64(mask))) - return ncpu -} - -// NumCPU returns the number of CPUs which are currently online -func NumCPU() int { - if ncpu := numCPU(); ncpu > 0 { - return ncpu - } - return runtime.NumCPU() -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go deleted file mode 100644 index 5fa5a5628c0..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go +++ /dev/null @@ -1,155 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import "github.com/docker/docker/pkg/parsers" - -// SysInfo stores information about which features a kernel supports. -// TODO Windows: Factor out platform specific capabilities. -type SysInfo struct { - // Whether the kernel supports AppArmor or not - AppArmor bool - // Whether the kernel supports Seccomp or not - Seccomp bool - - cgroupMemInfo - cgroupCPUInfo - cgroupBlkioInfo - cgroupCpusetInfo - cgroupPids - - // Whether IPv4 forwarding is supported or not, if this was disabled, networking will not work - IPv4ForwardingDisabled bool - - // Whether bridge-nf-call-iptables is supported or not - BridgeNFCallIPTablesDisabled bool - - // Whether bridge-nf-call-ip6tables is supported or not - BridgeNFCallIP6TablesDisabled bool - - // Whether the cgroup has the mountpoint of "devices" or not - CgroupDevicesEnabled bool -} - -type cgroupMemInfo struct { - // Whether memory limit is supported or not - MemoryLimit bool - - // Whether swap limit is supported or not - SwapLimit bool - - // Whether soft limit is supported or not - MemoryReservation bool - - // Whether OOM killer disable is supported or not - OomKillDisable bool - - // Whether memory swappiness is supported or not - MemorySwappiness bool - - // Whether kernel memory limit is supported or not - KernelMemory bool - - // Whether kernel memory TCP limit is supported or not - KernelMemoryTCP bool -} - -type cgroupCPUInfo struct { - // Whether CPU shares is supported or not - CPUShares bool - - // Whether CPU CFS(Completely Fair Scheduler) period is supported or not - CPUCfsPeriod bool - - // Whether CPU CFS(Completely Fair Scheduler) quota is supported or not - CPUCfsQuota bool - - // Whether CPU real-time period is supported or not - CPURealtimePeriod bool - - // Whether CPU real-time runtime is supported or not - CPURealtimeRuntime bool -} - -type cgroupBlkioInfo struct { - // Whether Block IO weight is supported or not - BlkioWeight bool - - // Whether Block IO weight_device is supported or not - BlkioWeightDevice bool - - // Whether Block IO read limit in bytes per second is supported or not - BlkioReadBpsDevice bool - - // Whether Block IO write limit in bytes per second is supported or not - BlkioWriteBpsDevice bool - - // Whether Block IO read limit in IO per second is supported or not - BlkioReadIOpsDevice bool - - // Whether Block IO write limit in IO per second is supported or not - BlkioWriteIOpsDevice bool -} - -type cgroupCpusetInfo struct { - // Whether Cpuset is supported or not - Cpuset bool - - // Available Cpuset's cpus - Cpus string - - // Available Cpuset's memory nodes - Mems string -} - -type cgroupPids struct { - // Whether Pids Limit is supported or not - PidsLimit bool -} - -// IsCpusetCpusAvailable returns `true` if the provided string set is contained -// in cgroup's cpuset.cpus set, `false` otherwise. -// If error is not nil a parsing error occurred. -func (c cgroupCpusetInfo) IsCpusetCpusAvailable(provided string) (bool, error) { - return isCpusetListAvailable(provided, c.Cpus) -} - -// IsCpusetMemsAvailable returns `true` if the provided string set is contained -// in cgroup's cpuset.mems set, `false` otherwise. -// If error is not nil a parsing error occurred. -func (c cgroupCpusetInfo) IsCpusetMemsAvailable(provided string) (bool, error) { - return isCpusetListAvailable(provided, c.Mems) -} - -func isCpusetListAvailable(provided, available string) (bool, error) { - parsedAvailable, err := parsers.ParseUintList(available) - if err != nil { - return false, err - } - // 8192 is the normal maximum number of CPUs in Linux, so accept numbers up to this - // or more if we actually have more CPUs. - max := 8192 - for m := range parsedAvailable { - if m > max { - max = m - } - } - parsedProvided, err := parsers.ParseUintListMaximum(provided, max) - if err != nil { - return false, err - } - for k := range parsedProvided { - if !parsedAvailable[k] { - return false, nil - } - } - return true, nil -} - -// Returns bit count of 1, used by NumCPU -func popcnt(x uint64) (n byte) { - x -= (x >> 1) & 0x5555555555555555 - x = (x>>2)&0x3333333333333333 + x&0x3333333333333333 - x += x >> 4 - x &= 0x0f0f0f0f0f0f0f0f - x *= 0x0101010101010101 - return byte(x >> 56) -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go deleted file mode 100644 index 7b36d6d1307..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go +++ /dev/null @@ -1,277 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "fmt" - "io/ioutil" - "os" - "path" - "strings" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" -) - -func findCgroupMountpoints() (map[string]string, error) { - cgMounts, err := cgroups.GetCgroupMounts(false) - if err != nil { - return nil, fmt.Errorf("Failed to parse cgroup information: %v", err) - } - mps := make(map[string]string) - for _, m := range cgMounts { - for _, ss := range m.Subsystems { - mps[ss] = m.Mountpoint - } - } - return mps, nil -} - -type infoCollector func(info *SysInfo, cgMounts map[string]string) (warnings []string) - -// New returns a new SysInfo, using the filesystem to detect which features -// the kernel supports. If `quiet` is `false` warnings are printed in logs -// whenever an error occurs or misconfigurations are present. -func New(quiet bool) *SysInfo { - var ops []infoCollector - var warnings []string - sysInfo := &SysInfo{} - cgMounts, err := findCgroupMountpoints() - if err != nil { - logrus.Warn(err) - } else { - ops = append(ops, []infoCollector{ - applyMemoryCgroupInfo, - applyCPUCgroupInfo, - applyBlkioCgroupInfo, - applyCPUSetCgroupInfo, - applyPIDSCgroupInfo, - applyDevicesCgroupInfo, - }...) - } - - ops = append(ops, []infoCollector{ - applyNetworkingInfo, - applyAppArmorInfo, - applySeccompInfo, - }...) - - for _, o := range ops { - w := o(sysInfo, cgMounts) - warnings = append(warnings, w...) - } - if !quiet { - for _, w := range warnings { - logrus.Warn(w) - } - } - return sysInfo -} - -// applyMemoryCgroupInfo reads the memory information from the memory cgroup mount point. -func applyMemoryCgroupInfo(info *SysInfo, cgMounts map[string]string) []string { - var warnings []string - mountPoint, ok := cgMounts["memory"] - if !ok { - warnings = append(warnings, "Your kernel does not support cgroup memory limit") - return warnings - } - info.MemoryLimit = ok - - info.SwapLimit = cgroupEnabled(mountPoint, "memory.memsw.limit_in_bytes") - if !info.SwapLimit { - warnings = append(warnings, "Your kernel does not support swap memory limit") - } - info.MemoryReservation = cgroupEnabled(mountPoint, "memory.soft_limit_in_bytes") - if !info.MemoryReservation { - warnings = append(warnings, "Your kernel does not support memory reservation") - } - info.OomKillDisable = cgroupEnabled(mountPoint, "memory.oom_control") - if !info.OomKillDisable { - warnings = append(warnings, "Your kernel does not support oom control") - } - info.MemorySwappiness = cgroupEnabled(mountPoint, "memory.swappiness") - if !info.MemorySwappiness { - warnings = append(warnings, "Your kernel does not support memory swappiness") - } - info.KernelMemory = cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes") - if !info.KernelMemory { - warnings = append(warnings, "Your kernel does not support kernel memory limit") - } - info.KernelMemoryTCP = cgroupEnabled(mountPoint, "memory.kmem.tcp.limit_in_bytes") - if !info.KernelMemoryTCP { - warnings = append(warnings, "Your kernel does not support kernel memory TCP limit") - } - - return warnings -} - -// applyCPUCgroupInfo reads the cpu information from the cpu cgroup mount point. -func applyCPUCgroupInfo(info *SysInfo, cgMounts map[string]string) []string { - var warnings []string - mountPoint, ok := cgMounts["cpu"] - if !ok { - warnings = append(warnings, "Unable to find cpu cgroup in mounts") - return warnings - } - - info.CPUShares = cgroupEnabled(mountPoint, "cpu.shares") - if !info.CPUShares { - warnings = append(warnings, "Your kernel does not support cgroup cpu shares") - } - - info.CPUCfsPeriod = cgroupEnabled(mountPoint, "cpu.cfs_period_us") - if !info.CPUCfsPeriod { - warnings = append(warnings, "Your kernel does not support cgroup cfs period") - } - - info.CPUCfsQuota = cgroupEnabled(mountPoint, "cpu.cfs_quota_us") - if !info.CPUCfsQuota { - warnings = append(warnings, "Your kernel does not support cgroup cfs quotas") - } - - info.CPURealtimePeriod = cgroupEnabled(mountPoint, "cpu.rt_period_us") - if !info.CPURealtimePeriod { - warnings = append(warnings, "Your kernel does not support cgroup rt period") - } - - info.CPURealtimeRuntime = cgroupEnabled(mountPoint, "cpu.rt_runtime_us") - if !info.CPURealtimeRuntime { - warnings = append(warnings, "Your kernel does not support cgroup rt runtime") - } - - return warnings -} - -// applyBlkioCgroupInfo reads the blkio information from the blkio cgroup mount point. -func applyBlkioCgroupInfo(info *SysInfo, cgMounts map[string]string) []string { - var warnings []string - mountPoint, ok := cgMounts["blkio"] - if !ok { - warnings = append(warnings, "Unable to find blkio cgroup in mounts") - return warnings - } - - info.BlkioWeight = cgroupEnabled(mountPoint, "blkio.weight") - if !info.BlkioWeight { - warnings = append(warnings, "Your kernel does not support cgroup blkio weight") - } - - info.BlkioWeightDevice = cgroupEnabled(mountPoint, "blkio.weight_device") - if !info.BlkioWeightDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio weight_device") - } - - info.BlkioReadBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_bps_device") - if !info.BlkioReadBpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.read_bps_device") - } - - info.BlkioWriteBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_bps_device") - if !info.BlkioWriteBpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.write_bps_device") - } - info.BlkioReadIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_iops_device") - if !info.BlkioReadIOpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.read_iops_device") - } - - info.BlkioWriteIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_iops_device") - if !info.BlkioWriteIOpsDevice { - warnings = append(warnings, "Your kernel does not support cgroup blkio throttle.write_iops_device") - } - - return warnings -} - -// applyCPUSetCgroupInfo reads the cpuset information from the cpuset cgroup mount point. -func applyCPUSetCgroupInfo(info *SysInfo, cgMounts map[string]string) []string { - var warnings []string - mountPoint, ok := cgMounts["cpuset"] - if !ok { - warnings = append(warnings, "Unable to find cpuset cgroup in mounts") - return warnings - } - info.Cpuset = ok - - var err error - - cpus, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.cpus")) - if err != nil { - return warnings - } - info.Cpus = strings.TrimSpace(string(cpus)) - - mems, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.mems")) - if err != nil { - return warnings - } - info.Mems = strings.TrimSpace(string(mems)) - - return warnings -} - -// applyPIDSCgroupInfo reads the pids information from the pids cgroup mount point. -func applyPIDSCgroupInfo(info *SysInfo, _ map[string]string) []string { - var warnings []string - _, err := cgroups.FindCgroupMountpoint("", "pids") - if err != nil { - warnings = append(warnings, err.Error()) - return warnings - } - info.PidsLimit = true - return warnings -} - -// applyDevicesCgroupInfo reads the pids information from the devices cgroup mount point. -func applyDevicesCgroupInfo(info *SysInfo, cgMounts map[string]string) []string { - var warnings []string - _, ok := cgMounts["devices"] - info.CgroupDevicesEnabled = ok - return warnings -} - -// applyNetworkingInfo adds networking information to the info. -func applyNetworkingInfo(info *SysInfo, _ map[string]string) []string { - var warnings []string - info.IPv4ForwardingDisabled = !readProcBool("/proc/sys/net/ipv4/ip_forward") - info.BridgeNFCallIPTablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-iptables") - info.BridgeNFCallIP6TablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-ip6tables") - return warnings -} - -// applyAppArmorInfo adds AppArmor information to the info. -func applyAppArmorInfo(info *SysInfo, _ map[string]string) []string { - var warnings []string - if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) { - if _, err := ioutil.ReadFile("/sys/kernel/security/apparmor/profiles"); err == nil { - info.AppArmor = true - } - } - return warnings -} - -// applySeccompInfo checks if Seccomp is supported, via CONFIG_SECCOMP. -func applySeccompInfo(info *SysInfo, _ map[string]string) []string { - var warnings []string - // Check if Seccomp is supported, via CONFIG_SECCOMP. - if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL { - // Make sure the kernel has CONFIG_SECCOMP_FILTER. - if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL { - info.Seccomp = true - } - } - return warnings -} - -func cgroupEnabled(mountPoint, name string) bool { - _, err := os.Stat(path.Join(mountPoint, name)) - return err == nil -} - -func readProcBool(path string) bool { - val, err := ioutil.ReadFile(path) - if err != nil { - return false - } - return strings.TrimSpace(string(val)) == "1" -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go deleted file mode 100644 index 23cc695fb83..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go +++ /dev/null @@ -1,9 +0,0 @@ -// +build !linux,!windows - -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -// New returns an empty SysInfo for non linux for now. -func New(quiet bool) *SysInfo { - sysInfo := &SysInfo{} - return sysInfo -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go deleted file mode 100644 index 5f68524e7ed..00000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_windows.go +++ /dev/null @@ -1,7 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -// New returns an empty SysInfo for windows for now. -func New(quiet bool) *SysInfo { - sysInfo := &SysInfo{} - return sysInfo -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 21b2f05eb77..6a21e7c4ca3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -237,10 +237,8 @@ github.com/docker/docker/daemon/logger/jsonfilelog/jsonlog github.com/docker/docker/errdefs github.com/docker/docker/pkg/jsonmessage github.com/docker/docker/pkg/mount -github.com/docker/docker/pkg/parsers github.com/docker/docker/pkg/parsers/operatingsystem github.com/docker/docker/pkg/stdcopy -github.com/docker/docker/pkg/sysinfo github.com/docker/docker/pkg/term github.com/docker/docker/pkg/term/windows # github.com/docker/go-connections v0.3.0 => github.com/docker/go-connections v0.3.0