diff options
author | Nicolas Vollmar <nvollmar@gmail.com> | 2024-06-09 22:59:26 +0200 |
---|---|---|
committer | Nicolas Vollmar <nvo@scaling.ch> | 2024-06-10 11:24:32 +0200 |
commit | f030464952168b553b5b3e29b461d437c2642a9b (patch) | |
tree | 8c3f8f5749417164618f6dc68968b92ed648b367 /src/conf_mode/container.py | |
parent | 717ea64e4c54a8be619ffc29c16c6203b29319dd (diff) | |
download | vyos-1x-f030464952168b553b5b3e29b461d437c2642a9b.tar.gz vyos-1x-f030464952168b553b5b3e29b461d437c2642a9b.zip |
T6219: align with system sysctl and limit parameters to supported
Diffstat (limited to 'src/conf_mode/container.py')
-rwxr-xr-x | src/conf_mode/container.py | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index 8757c5eab..a969626a9 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -191,10 +191,12 @@ def verify(container): if not os.path.exists(source): raise ConfigError(f'Device "{dev}" source path "{source}" does not exist!') - if 'kernel-parameter' in container_config: - for var, cfg in container_config['kernel-parameter'].items(): + if 'sysctl' in container_config and 'parameter' in container_config['sysctl']: + for var, cfg in container_config['sysctl']['parameter'].items(): if 'value' not in cfg: - raise ConfigError(f'Kernel parameter {var} has no value assigned!') + raise ConfigError(f'sysctl parameter {var} has no value assigned!') + if var.startswith('net.') and 'allow_host_networks' in container_config: + raise ConfigError(f'sysctl parameter {var} cannot be set when using host networking!') if 'environment' in container_config: for var, cfg in container_config['environment'].items(): @@ -285,9 +287,9 @@ def generate_run_arguments(name, container_config): # Add sysctl options sysctl_opt = '' - if 'kernel-parameter' in container_config: - for k, v in container_config['kernel-parameter'].items(): - sysctl_opt += f" --sysctl={k}={v['value']}" + if 'sysctl' in container_config and 'parameter' in container_config['sysctl']: + for k, v in container_config['sysctl']['parameter'].items(): + sysctl_opt += f" --sysctl {k}={v['value']}" # Add capability options. Should be in uppercase capabilities = '' |