diff options
| author | Nicolas Vollmar <nvollmar@gmail.com> | 2024-06-09 22:59:26 +0200 |
|---|---|---|
| committer | Nicolas Vollmar <nvo@scaling.ch> | 2024-06-10 11:24:32 +0200 |
| commit | f030464952168b553b5b3e29b461d437c2642a9b (patch) | |
| tree | 8c3f8f5749417164618f6dc68968b92ed648b367 /src | |
| parent | 717ea64e4c54a8be619ffc29c16c6203b29319dd (diff) | |
| download | vyos-1x-f030464952168b553b5b3e29b461d437c2642a9b.tar.gz vyos-1x-f030464952168b553b5b3e29b461d437c2642a9b.zip | |
T6219: align with system sysctl and limit parameters to supported
Diffstat (limited to 'src')
| -rwxr-xr-x | src/completion/list_container_sysctl_parameters.sh | 20 | ||||
| -rwxr-xr-x | src/conf_mode/container.py | 14 |
2 files changed, 28 insertions, 6 deletions
diff --git a/src/completion/list_container_sysctl_parameters.sh b/src/completion/list_container_sysctl_parameters.sh new file mode 100755 index 000000000..cf8d006e5 --- /dev/null +++ b/src/completion/list_container_sysctl_parameters.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +declare -a vals +eval "vals=($(/sbin/sysctl -N -a|grep -E '^(fs.mqueue|net)\.|^(kernel.msgmax|kernel.msgmnb|kernel.msgmni|kernel.sem|kernel.shmall|kernel.shmmax|kernel.shmmni|kernel.shm_rmid_forced)$'))" +echo ${vals[@]} +exit 0 diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index 8757c5eab..a969626a9 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -191,10 +191,12 @@ def verify(container): if not os.path.exists(source): raise ConfigError(f'Device "{dev}" source path "{source}" does not exist!') - if 'kernel-parameter' in container_config: - for var, cfg in container_config['kernel-parameter'].items(): + if 'sysctl' in container_config and 'parameter' in container_config['sysctl']: + for var, cfg in container_config['sysctl']['parameter'].items(): if 'value' not in cfg: - raise ConfigError(f'Kernel parameter {var} has no value assigned!') + raise ConfigError(f'sysctl parameter {var} has no value assigned!') + if var.startswith('net.') and 'allow_host_networks' in container_config: + raise ConfigError(f'sysctl parameter {var} cannot be set when using host networking!') if 'environment' in container_config: for var, cfg in container_config['environment'].items(): @@ -285,9 +287,9 @@ def generate_run_arguments(name, container_config): # Add sysctl options sysctl_opt = '' - if 'kernel-parameter' in container_config: - for k, v in container_config['kernel-parameter'].items(): - sysctl_opt += f" --sysctl={k}={v['value']}" + if 'sysctl' in container_config and 'parameter' in container_config['sysctl']: + for k, v in container_config['sysctl']['parameter'].items(): + sysctl_opt += f" --sysctl {k}={v['value']}" # Add capability options. Should be in uppercase capabilities = '' |