9 "github.com/docker/docker/api/errors"
10 containertypes "github.com/docker/docker/api/types/container"
11 "github.com/docker/docker/api/types/strslice"
12 "github.com/docker/docker/container"
13 "github.com/docker/docker/daemon/network"
14 "github.com/docker/docker/image"
15 "github.com/docker/docker/opts"
16 "github.com/docker/docker/pkg/signal"
17 "github.com/docker/docker/pkg/system"
18 "github.com/docker/docker/pkg/truncindex"
19 "github.com/docker/docker/runconfig"
20 "github.com/docker/go-connections/nat"
21 "github.com/opencontainers/selinux/go-selinux/label"
24 // GetContainer looks for a container using the provided information, which could be
25 // one of the following inputs from the caller:
26 // - A full container ID, which will exact match a container in daemon's list
27 // - A container name, which will only exact match via the GetByName() function
28 // - A partial container ID prefix (e.g. short ID) of any length that is
29 // unique enough to only return a single container object
30 // If none of these searches succeed, an error is returned
31 func (daemon *Daemon) GetContainer(prefixOrName string) (*container.Container, error) {
32 if len(prefixOrName) == 0 {
33 return nil, errors.NewBadRequestError(fmt.Errorf("No container name or ID supplied"))
36 if containerByID := daemon.containers.Get(prefixOrName); containerByID != nil {
37 // prefix is an exact match to a full container ID
38 return containerByID, nil
41 // GetByName will match only an exact name provided; we ignore errors
42 if containerByName, _ := daemon.GetByName(prefixOrName); containerByName != nil {
43 // prefix is an exact match to a full container Name
44 return containerByName, nil
47 containerID, indexError := daemon.idIndex.Get(prefixOrName)
48 if indexError != nil {
49 // When truncindex defines an error type, use that instead
50 if indexError == truncindex.ErrNotExist {
51 err := fmt.Errorf("No such container: %s", prefixOrName)
52 return nil, errors.NewRequestNotFoundError(err)
54 return nil, indexError
56 return daemon.containers.Get(containerID), nil
59 // checkContainer make sure the specified container validates the specified conditions
60 func (daemon *Daemon) checkContainer(container *container.Container, conditions ...func(*container.Container) error) error {
61 for _, condition := range conditions {
62 if err := condition(container); err != nil {
69 // Exists returns a true if a container of the specified ID or name exists,
71 func (daemon *Daemon) Exists(id string) bool {
72 c, _ := daemon.GetContainer(id)
76 // IsPaused returns a bool indicating if the specified container is paused.
77 func (daemon *Daemon) IsPaused(id string) bool {
78 c, _ := daemon.GetContainer(id)
79 return c.State.IsPaused()
82 func (daemon *Daemon) containerRoot(id string) string {
83 return filepath.Join(daemon.repository, id)
86 // Load reads the contents of a container from disk
87 // This is typically done at startup.
88 func (daemon *Daemon) load(id string) (*container.Container, error) {
89 container := daemon.newBaseContainer(id)
91 if err := container.FromDisk(); err != nil {
94 if err := label.ReserveLabel(container.ProcessLabel); err != nil {
98 if container.ID != id {
99 return container, fmt.Errorf("Container %s is stored at %s", container.ID, id)
102 return container, nil
105 // Register makes a container object usable by the daemon as <container.ID>
106 func (daemon *Daemon) Register(c *container.Container) error {
107 // Attach to stdout and stderr
108 if c.Config.OpenStdin {
109 c.StreamConfig.NewInputPipes()
111 c.StreamConfig.NewNopInputPipe()
114 // once in the memory store it is visible to other goroutines
115 // grab a Lock until it has been checkpointed to avoid races
119 daemon.containers.Add(c.ID, c)
120 daemon.idIndex.Add(c.ID)
121 return c.CheckpointTo(daemon.containersReplica)
124 func (daemon *Daemon) newContainer(name string, platform string, config *containertypes.Config, hostConfig *containertypes.HostConfig, imgID image.ID, managed bool) (*container.Container, error) {
128 noExplicitName = name == ""
130 id, name, err = daemon.generateIDAndName(name)
135 if hostConfig.NetworkMode.IsHost() {
136 if config.Hostname == "" {
137 config.Hostname, err = os.Hostname()
143 daemon.generateHostname(id, config)
145 entrypoint, args := daemon.getEntrypointAndArgs(config.Entrypoint, config.Cmd)
147 base := daemon.newBaseContainer(id)
148 base.Created = time.Now().UTC()
149 base.Managed = managed
150 base.Path = entrypoint
151 base.Args = args //FIXME: de-duplicate from config
153 base.HostConfig = &containertypes.HostConfig{}
155 base.NetworkSettings = &network.Settings{IsAnonymousEndpoint: noExplicitName}
157 base.Driver = daemon.GraphDriverName(platform)
158 base.Platform = platform
162 // GetByName returns a container given a name.
163 func (daemon *Daemon) GetByName(name string) (*container.Container, error) {
165 return nil, fmt.Errorf("No container name supplied")
169 fullName = "/" + name
171 id, err := daemon.nameIndex.Get(fullName)
173 return nil, fmt.Errorf("Could not find entity for %s", name)
175 e := daemon.containers.Get(id)
177 return nil, fmt.Errorf("Could not find container for entity id %s", id)
182 // newBaseContainer creates a new container with its initial
183 // configuration based on the root storage from the daemon.
184 func (daemon *Daemon) newBaseContainer(id string) *container.Container {
185 return container.NewBaseContainer(id, daemon.containerRoot(id))
188 func (daemon *Daemon) getEntrypointAndArgs(configEntrypoint strslice.StrSlice, configCmd strslice.StrSlice) (string, []string) {
189 if len(configEntrypoint) != 0 {
190 return configEntrypoint[0], append(configEntrypoint[1:], configCmd...)
192 return configCmd[0], configCmd[1:]
195 func (daemon *Daemon) generateHostname(id string, config *containertypes.Config) {
196 // Generate default hostname
197 if config.Hostname == "" {
198 config.Hostname = id[:12]
202 func (daemon *Daemon) setSecurityOptions(container *container.Container, hostConfig *containertypes.HostConfig) error {
204 defer container.Unlock()
205 return daemon.parseSecurityOpt(container, hostConfig)
208 func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *containertypes.HostConfig) error {
209 // Do not lock while creating volumes since this could be calling out to external plugins
210 // Don't want to block other actions, like `docker ps` because we're waiting on an external plugin
211 if err := daemon.registerMountPoints(container, hostConfig); err != nil {
216 defer container.Unlock()
218 // Register any links from the host config before starting the container
219 if err := daemon.registerLinks(container, hostConfig); err != nil {
223 runconfig.SetDefaultNetModeIfBlank(hostConfig)
224 container.HostConfig = hostConfig
225 return container.CheckpointTo(daemon.containersReplica)
228 // verifyContainerSettings performs validation of the hostconfig and config
230 func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostConfig, config *containertypes.Config, update bool) ([]string, error) {
232 // First perform verification of settings common across all platforms.
234 if config.WorkingDir != "" {
235 config.WorkingDir = filepath.FromSlash(config.WorkingDir) // Ensure in platform semantics
236 if !system.IsAbs(config.WorkingDir) {
237 return nil, fmt.Errorf("the working directory '%s' is invalid, it needs to be an absolute path", config.WorkingDir)
241 if len(config.StopSignal) > 0 {
242 _, err := signal.ParseSignal(config.StopSignal)
248 // Validate if Env contains empty variable or not (e.g., ``, `=foo`)
249 for _, env := range config.Env {
250 if _, err := opts.ValidateEnv(env); err != nil {
255 // Validate the healthcheck params of Config
256 if config.Healthcheck != nil {
257 if config.Healthcheck.Interval != 0 && config.Healthcheck.Interval < containertypes.MinimumDuration {
258 return nil, fmt.Errorf("Interval in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
261 if config.Healthcheck.Timeout != 0 && config.Healthcheck.Timeout < containertypes.MinimumDuration {
262 return nil, fmt.Errorf("Timeout in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
265 if config.Healthcheck.Retries < 0 {
266 return nil, fmt.Errorf("Retries in Healthcheck cannot be negative")
269 if config.Healthcheck.StartPeriod != 0 && config.Healthcheck.StartPeriod < containertypes.MinimumDuration {
270 return nil, fmt.Errorf("StartPeriod in Healthcheck cannot be less than %s", containertypes.MinimumDuration)
275 if hostConfig == nil {
279 if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
280 return nil, fmt.Errorf("can't create 'AutoRemove' container with restart policy")
283 for _, extraHost := range hostConfig.ExtraHosts {
284 if _, err := opts.ValidateExtraHost(extraHost); err != nil {
289 for port := range hostConfig.PortBindings {
290 _, portStr := nat.SplitProtoPort(string(port))
291 if _, err := nat.ParsePort(portStr); err != nil {
292 return nil, fmt.Errorf("invalid port specification: %q", portStr)
294 for _, pb := range hostConfig.PortBindings[port] {
295 _, err := nat.NewPort(nat.SplitProtoPort(pb.HostPort))
297 return nil, fmt.Errorf("invalid port specification: %q", pb.HostPort)
302 p := hostConfig.RestartPolicy
305 case "always", "unless-stopped", "no":
306 if p.MaximumRetryCount != 0 {
307 return nil, fmt.Errorf("maximum retry count cannot be used with restart policy '%s'", p.Name)
310 if p.MaximumRetryCount < 0 {
311 return nil, fmt.Errorf("maximum retry count cannot be negative")
316 return nil, fmt.Errorf("invalid restart policy '%s'", p.Name)
319 // Now do platform-specific verification
320 return verifyPlatformContainerSettings(daemon, hostConfig, config, update)