While this is used by the majority of upper container runtimes, it was
not needed for runc itself. Since commit 515f09f7 runc uses overlay,
too, so let's add a check for this.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
It seems that newer podman versions need the kernel comment flag too.
By podman run, iptables using -m comment in the iptables-command to add the corresponding network rules.
Signed-off-by: Christian Happ <Christian.Happ@jumo.net>
Looking at the code, I found out that kernel_lt function was actually
doing le ("less than or equal") rather than lt ("less than") operation.
Let's fix this and do exactly what the name says.
A bigger issue is, the function use was not consistent (some uses
implied "less than or equal").
To fix the usage, find out all relevant kernel commits and kernel
versions that have them (the latter is done using "git describe
--contains $sha"), and fix the wrong cases. While at it, add references
to all these kernel commits for the future generations of
check-config.sh hackers.
Also, add kernel_ge function which is the opposite of kernel_lt,
and document both.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
...when the stdout is not a terminal, and also when NO_COLOR environment
variable is set to any non-empty value (as per no-color.org).
Co-authored-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kernel commit e55b9f96860f (which made its way into Linux v6.1-rc1)
removes CONFIG_MEMCG_SWAP entirely, so there's no sense to check for in
on newer kernels.
Make the check conditional.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
cgroup v2 requires CONFIG_CGROUP_BPF kernel option to be set
else runc can not start containers.
check-config.sh script checks if the CONFIG_CGROUP_BPF option
is set. The script checks if version of kernel is atleast
4.15 and cgroup v2 is being used before checking if the
CONFIG_CGROUP_BPF option is set.
Closes#3547
Signed-off-by: dharmicksai <dharmicksaik@gmail.com>
One particularly bad one is ${codes[@]} which is fine in bash 4.4+,
but gives "codes[@]: unbound variable" with older bash versions,
such as with bash 4.2 used on CentOS 6. It's good that this is the only
array in the script that can potentially be empty.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
... and add this file to shellcheck target in Makefile.
These:
In script/check-config.sh line 27:
kernelMinor="${kernelVersion#$kernelMajor.}"
^----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.
Did you mean:
kernelMinor="${kernelVersion#"$kernelMajor".}"
In script/check-config.sh line 103:
source /etc/os-release 2>/dev/null || /bin/true
^-------------^ SC1091 (info): Not following: /etc/os-release was not specified as input (see shellcheck -x).
In script/check-config.sh line 267:
NET_CLS_CGROUP $netprio
^------^ SC2206 (warning): Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Like this one:
In ./script/check-config.sh line 215:
if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then
^-- SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
1. Allow wrap_bad and wrap_good to have an optional arguments.
2. Remove unneeded echos; this fixes the shellcheck warnings like
In ./script/check-config.sh line 178:
echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')"
^-- SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.
3. Fix missing color argument in calls to wrap_color (when printing the
hint about how to install apparmor).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
These config options are removed by kernel commit f382fb0bcef4,
which made its way into kernel v5.0-rc1.
Make the check conditional.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kernel commit 2d1c498072de69e (which made its way into kernel v5.8-rc1)
removed CONFIG_MEMCG_SWAP_ENABLED Kconfig option, making swap accounting
always enabled (unless swapaccount=0 boot option is provided).
Make the check conditional.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
CONFIG_NF_NAT_NEEDED was removed in kernel commit 4806e975729f99c7,
which made its way into v5.2-rc1. The functionality is now under
NF_NAT which we already check for.
Make the check for NF_NAT_NEEDED conditional.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
CONFIG_NF_NAT_IPV4 was removed in kernel commit 3bf195ae6037e310,
which made its way into v5.1-rc1. The functionality is now under
NF_NAT which we already check for.
Make the check for NF_NAT_IPV4 conditional.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
I played with shfmt options (-bn, -ci, -sr) a bit trying to minimize
the patch generated (and also because I don't have a strong preference
on these matters), and it appears to be that the patch size is about the
same nevertheless, so I chose no options.
This commit is brought to you by
shfmt -ln bash -w man/*.sh script/*.sh tests/*.sh tests/integration/*.bash
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Recent changes in upstream shfmt have started causing our scripts to no
longer be "correctly formatted". Fix up with `shfmt -w`.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
If user run current script whthout argument, the script will search
config in default dir list, but output following message:
| # script/check-config.sh
| warning: /proc/config.gz seems not a kernel config, searching other paths for kernel config ...
^^^^^^^^^^^^^^^
| info: reading kernel config from /boot/config-4.7.0_HEAD_523d939ef98fd712632d93a5a2b588e477a7565e_ ...
| ...
We can make output better by restruct the code struct:
1: Specify nothing
Show info, and search default dir
2: Specify a config file
Use it directly
3: Specify a wrong config file
Show warning, and search default dir
4: Specify a dir
Info, and search specified dir
Test:
| # script/check-config.sh
| info: no config specified, searching for kernel config ...
| info: reading kernel config from /boot/config-4.7.0_HEAD_523d939ef98fd712632d93a5a2b588e477a7565e_ ...
|
| # script/check-config.sh /linux/.config
| info: reading kernel config from /linux/.config ...
|
| # script/check-config.sh /linux/.configgg
| warning: /linux/.configgg seems not a kernel config, searching other paths for kernel config ...
| info: reading kernel config from /boot/config-4.7.0_HEAD_523d939ef98fd712632d93a5a2b588e477a7565e_ ...
|
| # script/check-config.sh /linux
| info: input is a directory, searching for kernel config in this directory...
| info: reading kernel config from /linux/.config ...
|
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
