diff --git a/build/docker/util.go b/build/docker/util.go index f7ede3f92..3d57228d7 100644 --- a/build/docker/util.go +++ b/build/docker/util.go @@ -22,6 +22,7 @@ func toContainerConfig(c *yaml.Container) *dockerclient.ContainerConfig { Privileged: c.Privileged, NetworkMode: c.Network, Memory: c.MemLimit, + ShmSize: c.ShmSize, CpuShares: c.CPUShares, CpuQuota: c.CPUQuota, CpusetCpus: c.CPUSet, diff --git a/yaml/container.go b/yaml/container.go index 77e41c1f6..441744f89 100644 --- a/yaml/container.go +++ b/yaml/container.go @@ -40,6 +40,7 @@ type Container struct { DNSSearch []string MemSwapLimit int64 MemLimit int64 + ShmSize int64 CPUQuota int64 CPUShares int64 CPUSet string @@ -75,6 +76,7 @@ type container struct { DNSSearch types.StringOrSlice `yaml:"dns_search"` MemSwapLimit int64 `yaml:"memswap_limit"` MemLimit int64 `yaml:"mem_limit"` + ShmSize int64 `yaml:"shm_size"` CPUQuota int64 `yaml:"cpu_quota"` CPUShares int64 `yaml:"cpu_shares"` CPUSet string `yaml:"cpuset"` @@ -144,6 +146,7 @@ func (c *containerList) UnmarshalYAML(unmarshal func(interface{}) error) error { DNSSearch: cc.DNSSearch.Slice(), MemSwapLimit: cc.MemSwapLimit, MemLimit: cc.MemLimit, + ShmSize: cc.ShmSize, CPUQuota: cc.CPUQuota, CPUShares: cc.CPUShares, CPUSet: cc.CPUSet, diff --git a/yaml/transform/validate.go b/yaml/transform/validate.go index 28471e013..161280dc3 100644 --- a/yaml/transform/validate.go +++ b/yaml/transform/validate.go @@ -51,6 +51,9 @@ func CheckTrusted(c *yaml.Container) error { if c.Privileged { return fmt.Errorf("Insufficient privileges to use privileged mode") } + if c.ShmSize != 0 { + return fmt.Errorf("Insufficient privileges to override shm_size") + } if len(c.DNS) != 0 { return fmt.Errorf("Insufficient privileges to use custom dns") }