T6219: align with system sysctl and limit parameters to supported
nvollmar committed Jun 10, 2024
1 parent 717ea64 commit ed45139
Showing 6 changed files with 54 additions and 20 deletions.
31 changes: 20 additions & 11 deletions interface-definitions/container.xml.in
Expand Up @@ -71,26 +71,35 @@
<multi/>
</properties>
</leafNode>
<tagNode name="kernel-parameter">
<node name="sysctl">
<properties>
<help>Add custom kernel parameters (sysctl)</help>
<constraint>
<regex>[._a-z*]+</regex>
</constraint>
<constraintErrorMessage>Kernel parameter name must be alphanumeric and can contain periods, asterisks and underscores</constraintErrorMessage>
<help>Configure namespaced kernel parameters of the container</help>
</properties>
<children>
<leafNode name="value">
<tagNode name="parameter">
<properties>
<help>Set kernel parameter option value</help>
<help>Sysctl key name</help>
<completionHelp>
<script>${vyos_completion_dir}/list_container_sysctl_parameters.sh</script>
</completionHelp>
<valueHelp>
<format>txt</format>
<description>Set kernel parameter option value</description>
<description>Sysctl key name</description>
</valueHelp>
<constraint>
<validator name="sysctl"/>
</constraint>
</properties>
</leafNode>
<children>
<leafNode name="value">
<properties>
<help>Sysctl configuration value</help>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
</node>
#include <include/generic-description.xml.i>
<tagNode name="device">
<properties>
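Review bot: The new `value` leaf under `parameter` (`<leafNode name="value">`) has no `<constraint>`, so any string the CLI accepts is handed straight to the container runtime as `--sysctl key=value`; a `<constraint><regex>…</regex></constraint>` limiting it to the characters sysctl values actually use (letters, digits, `._:/-` and the space that multi-field keys such as kernel.sem need) would catch bad values at commit time rather than at container start. The key side depends on `<validator name="sysctl"/>`, which is referenced here but not added by this commit; because the completion script only advertises the namespaced keys and completion is advisory, confirm that validator rejects keys outside that set, otherwise the "limit parameters to supported" part of the title is enforced only by podman at run time. The help text `Configure namespaced kernel parameters of the container` could also mention that net.* keys are refused together with allow-host-networks, since verify() now rejects that combination.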
2 changes: 1 addition & 1 deletion smoketest/config-tests/container-simple
Expand Up @@ -11,4 +11,4 @@ set container name c02 allow-host-networks
set container name c02 allow-host-pid
set container name c02 capability 'sys-time'
set container name c02 image 'busybox:stable'
set container name c02 kernel-parameter 'net.ipv4.conf.all.forwarding' value '1'
set container name c02 sysctl parameter kernel.msgmax value '8192'
6 changes: 4 additions & 2 deletions smoketest/configs/container-simple
Expand Up @@ -10,8 +10,10 @@ container {
allow-host-pid
cap-add sys-time
image busybox:stable
kernel-parameter "net.ipv4.ip_forward" {
value "1"
sysctl {
parameter kernel.msgmax {
value "8192"
}
}
}
}
1 change: 1 addition & 0 deletions smoketest/scripts/cli/test_container.py
Expand Up @@ -80,6 +80,7 @@ def test_basic(self):

self.cli_set(base_path + ['name', cont_name, 'image', cont_image])
self.cli_set(base_path + ['name', cont_name, 'allow-host-networks'])
self.cli_set(base_path + ['name', cont_name, 'sysctl', 'parameter', 'kernel.msgmax', 'value', '8192'])

# commit changes
self.cli_commit()
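Review bot: The new verify() rule that rejects a net.* sysctl combined with allow-host-networks has no smoketest; the added line only exercises the positive path (kernel.msgmax next to allow-host-networks set two lines above). A negative case would pin it: `self.cli_set(base_path + ['name', cont_name, 'sysctl', 'parameter', 'net.ipv4.ip_forward', 'value', '1'])`, then a commit inside `with self.assertRaises(...)` using whatever exception the file's other negative tests expect, followed by `cli_delete` of that parameter before the normal commit. `test_basic` continues outside the hunk, so I cannot tell whether the applied value is read back from the running container (for example via `/proc/sys/kernel/msgmax`); if it is not, that assertion is worth adding too.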
20 changes: 20 additions & 0 deletions src/completion/list_container_sysctl_parameters.sh
@@ -0,0 +1,20 @@
#!/bin/sh
#
# Copyright (C) 2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

declare -a vals
eval "vals=($(/sbin/sysctl -N -a|grep -E '^(fs.mqueue|net)\.|^(kernel.msgmax|kernel.msgmnb|kernel.msgmni|kernel.sem|kernel.shmall|kernel.shmmax|kernel.shmmni|kernel.shm_rmid_forced)$'))"
echo ${vals[@]}
exit 0
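Review bot: The script is declared `#!/bin/sh` but `declare -a`, the `vals=(...)` array and `${vals[@]}` are bash-only; on a system where /bin/sh is dash, `declare` is an unknown command and tab completion silently offers nothing. The `eval` is also unnecessary: it re-parses text that came out of `sysctl -N -a`, and although kernel key names are not attacker-controlled the construction is fragile for no gain. Three lines fix both: `#!/bin/bash`, `mapfile -t vals < <(/sbin/sysctl -N -a | grep -E '<same pattern as now>')`, and `echo "${vals[@]}"`. Note that this list is derived from the host's sysctl table and only drives completion; enforcement of the supported set has to live in the `sysctl` validator the XML references, which is not part of this commit.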
14 changes: 8 additions & 6 deletions src/conf_mode/container.py
Expand Up @@ -191,10 +191,12 @@ def verify(container):
if not os.path.exists(source):
raise ConfigError(f'Device "{dev}" source path "{source}" does not exist!')

if 'kernel-parameter' in container_config:
for var, cfg in container_config['kernel-parameter'].items():
if 'sysctl' in container_config and 'parameter' in container_config['sysctl']:
for var, cfg in container_config['sysctl']['parameter'].items():
if 'value' not in cfg:
raise ConfigError(f'Kernel parameter {var} has no value assigned!')
raise ConfigError(f'sysctl parameter {var} has no value assigned!')
if var.startswith('net.') and 'allow_host_networks' in container_config:
raise ConfigError(f'sysctl parameter {var} cannot be set when using host networking!')

if 'environment' in container_config:
for var, cfg in container_config['environment'].items():
Expand Down Expand Up @@ -285,9 +287,9 @@ def generate_run_arguments(name, container_config):

# Add sysctl options
sysctl_opt = ''
if 'kernel-parameter' in container_config:
for k, v in container_config['kernel-parameter'].items():
sysctl_opt += f" --sysctl={k}={v['value']}"
if 'sysctl' in container_config and 'parameter' in container_config['sysctl']:
for k, v in container_config['sysctl']['parameter'].items():
sysctl_opt += f" --sysctl {k}={v['value']}"

# Add capability options. Should be in uppercase
capabilities = ''
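Review bot: `sysctl_opt += f" --sysctl {k}={v['value']}"` in generate_run_arguments embeds the raw value into a whitespace-separated argument string, while verify() only checks that a value exists, so a value containing whitespace breaks the argument at the next space. This is not hypothetical: `kernel.sem` is in the supported list in the completion script and its canonical value is four space-separated numbers, as is `net.ipv4.ip_local_port_range`. If the string is eventually handed to a shell, `sysctl_opt += f" --sysctl {k}={shlex.quote(v['value'])}"` (with `import shlex` at the top of the file, outside this hunk) keeps it a single token; if it is instead split on whitespace, the run arguments need to become a list. Either way verify() should reject values outside a tight character set so that a stray token can never become an extra podman flag. Both verify() and generate_run_arguments continue outside the hunks shown.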
