mirror of
https://github.com/moby/moby.git
synced 2026-01-11 10:41:43 +00:00
c5991341eb
kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4], producing a `ENOTSUP` in kernel v5.16. Support for this option was removed in runc and other runtimes, as various LTS kernels contained a broken implementation, resulting in unpredictable behavior. We deprecated this option in [moby@b8ca7de], producing a warning when used, and actively ignore the option since [moby@0798f5f]. Given that setting this option had no effect in most situations, we should just remove this option instead of continuing to handle it with the expectation that a runtime may still support it. Note that we still support RHEL 8 (kernel 4.18) and RHEL 9 (kernel 5.14). We no longer build packages for Ubuntu 20.04 (kernel 5.4) and Debian Bullseye 11 (kernel 5.10), which still have an LTS / ESM programme, but for those it would only impact situations where a runtime is used that still supports it, and an old API version was used. [kernel v5.4]: https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0 [moby@b8ca7de]:b8ca7de823[moby@0798f5f]:0798f5f5cfSigned-off-by: Sebastiaan van Stijn <github@gone.nl>
171 lines
5.7 KiB
Go
171 lines
5.7 KiB
Go
package client
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"net/url"
|
|
"path"
|
|
"sort"
|
|
"strings"
|
|
|
|
"github.com/moby/moby/api/types/container"
|
|
"github.com/moby/moby/api/types/network"
|
|
"github.com/moby/moby/api/types/versions"
|
|
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
|
)
|
|
|
|
// ContainerCreate creates a new container based on the given configuration.
|
|
// It can be associated with a name, but it's not mandatory.
|
|
func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *ocispec.Platform, containerName string) (container.CreateResponse, error) {
|
|
var response container.CreateResponse
|
|
|
|
// Make sure we negotiated (if the client is configured to do so),
|
|
// as code below contains API-version specific handling of options.
|
|
//
|
|
// Normally, version-negotiation (if enabled) would not happen until
|
|
// the API request is made.
|
|
if err := cli.checkVersion(ctx); err != nil {
|
|
return response, err
|
|
}
|
|
|
|
if err := cli.NewVersionError(ctx, "1.25", "stop timeout"); config != nil && config.StopTimeout != nil && err != nil {
|
|
return response, err
|
|
}
|
|
if err := cli.NewVersionError(ctx, "1.41", "specify container image platform"); platform != nil && err != nil {
|
|
return response, err
|
|
}
|
|
if err := cli.NewVersionError(ctx, "1.44", "specify health-check start interval"); config != nil && config.Healthcheck != nil && config.Healthcheck.StartInterval != 0 && err != nil {
|
|
return response, err
|
|
}
|
|
if err := cli.NewVersionError(ctx, "1.44", "specify mac-address per network"); hasEndpointSpecificMacAddress(networkingConfig) && err != nil {
|
|
return response, err
|
|
}
|
|
|
|
if hostConfig != nil {
|
|
if versions.LessThan(cli.ClientVersion(), "1.25") {
|
|
// When using API 1.24 and under, the client is responsible for removing the container
|
|
hostConfig.AutoRemove = false
|
|
}
|
|
if platform != nil && platform.OS == "linux" && versions.LessThan(cli.ClientVersion(), "1.42") {
|
|
// When using API under 1.42, the Linux daemon doesn't respect the ConsoleSize
|
|
hostConfig.ConsoleSize = [2]uint{0, 0}
|
|
}
|
|
if versions.LessThan(cli.ClientVersion(), "1.44") {
|
|
for _, m := range hostConfig.Mounts {
|
|
if m.BindOptions != nil {
|
|
// ReadOnlyNonRecursive can be safely ignored when API < 1.44
|
|
if m.BindOptions.ReadOnlyForceRecursive {
|
|
return response, errors.New("bind-recursive=readonly requires API v1.44 or later")
|
|
}
|
|
if m.BindOptions.NonRecursive && versions.LessThan(cli.ClientVersion(), "1.40") {
|
|
return response, errors.New("bind-recursive=disabled requires API v1.40 or later")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
hostConfig.CapAdd = normalizeCapabilities(hostConfig.CapAdd)
|
|
hostConfig.CapDrop = normalizeCapabilities(hostConfig.CapDrop)
|
|
}
|
|
|
|
// Since API 1.44, the container-wide MacAddress is deprecated and triggers a WARNING if it's specified.
|
|
if versions.GreaterThanOrEqualTo(cli.ClientVersion(), "1.44") {
|
|
config.MacAddress = "" //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
|
|
}
|
|
|
|
query := url.Values{}
|
|
if platform != nil {
|
|
if p := formatPlatform(*platform); p != "unknown" {
|
|
query.Set("platform", p)
|
|
}
|
|
}
|
|
|
|
if containerName != "" {
|
|
query.Set("name", containerName)
|
|
}
|
|
|
|
body := container.CreateRequest{
|
|
Config: config,
|
|
HostConfig: hostConfig,
|
|
NetworkingConfig: networkingConfig,
|
|
}
|
|
|
|
resp, err := cli.post(ctx, "/containers/create", query, body, nil)
|
|
defer ensureReaderClosed(resp)
|
|
if err != nil {
|
|
return response, err
|
|
}
|
|
|
|
err = json.NewDecoder(resp.Body).Decode(&response)
|
|
return response, err
|
|
}
|
|
|
|
// formatPlatform returns a formatted string representing platform (e.g., "linux/arm/v7").
|
|
//
|
|
// It is a fork of [platforms.Format], and does not yet support "os.version",
|
|
// as [[platforms.FormatAll] does.
|
|
//
|
|
// [platforms.Format]: https://github.com/containerd/platforms/blob/v1.0.0-rc.1/platforms.go#L309-L316
|
|
// [platforms.FormatAll]: https://github.com/containerd/platforms/blob/v1.0.0-rc.1/platforms.go#L318-L330
|
|
func formatPlatform(platform ocispec.Platform) string {
|
|
if platform.OS == "" {
|
|
return "unknown"
|
|
}
|
|
return path.Join(platform.OS, platform.Architecture, platform.Variant)
|
|
}
|
|
|
|
// hasEndpointSpecificMacAddress checks whether one of the endpoint in networkingConfig has a MacAddress defined.
|
|
func hasEndpointSpecificMacAddress(networkingConfig *network.NetworkingConfig) bool {
|
|
if networkingConfig == nil {
|
|
return false
|
|
}
|
|
for _, endpoint := range networkingConfig.EndpointsConfig {
|
|
if endpoint.MacAddress != "" {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// allCapabilities is a magic value for "all capabilities"
|
|
const allCapabilities = "ALL"
|
|
|
|
// normalizeCapabilities normalizes capabilities to their canonical form,
|
|
// removes duplicates, and sorts the results.
|
|
//
|
|
// It is similar to [caps.NormalizeLegacyCapabilities],
|
|
// but performs no validation based on supported capabilities.
|
|
//
|
|
// [caps.NormalizeLegacyCapabilities]: https://github.com/moby/moby/blob/v28.3.2/oci/caps/utils.go#L56
|
|
func normalizeCapabilities(caps []string) []string {
|
|
var normalized []string
|
|
|
|
unique := make(map[string]struct{})
|
|
for _, c := range caps {
|
|
c = normalizeCap(c)
|
|
if _, ok := unique[c]; ok {
|
|
continue
|
|
}
|
|
unique[c] = struct{}{}
|
|
normalized = append(normalized, c)
|
|
}
|
|
|
|
sort.Strings(normalized)
|
|
return normalized
|
|
}
|
|
|
|
// normalizeCap normalizes a capability to its canonical format by upper-casing
|
|
// and adding a "CAP_" prefix (if not yet present). It also accepts the "ALL"
|
|
// magic-value.
|
|
func normalizeCap(capability string) string {
|
|
capability = strings.ToUpper(capability)
|
|
if capability == allCapabilities {
|
|
return capability
|
|
}
|
|
if !strings.HasPrefix(capability, "CAP_") {
|
|
capability = "CAP_" + capability
|
|
}
|
|
return capability
|
|
}
|