Add check for RHEL7/CentOS7 experimental userns disabled

estesp · estesp · commit 23551515564b · 2016-02-23T23:28:24.000-06:00
Add a check in `check-config.sh` to see if we are running on a RHEL7 or
CentOS7 system, which may report that CONFIG_USERNS is OK/enabled, but
user namespaces still won't work because of the experimental feature
flag added by Redhat.

This will add a warning if it is actually disabled and notes what has to
be added to the grub/boot command line to enable it.

Docker-DCO-1.1-Signed-off-by: Phil Estes &lt;estesp@linux.vnet.ibm.com&gt; (github: estesp)
diff --git a/contrib/check-config.sh b/contrib/check-config.sh
@@ -115,6 +115,17 @@ check_device() {
 	fi
 }
 
+check_distro_userns() {
+	source /etc/os-release 2>/dev/null || /bin/true
+	if [[ "${ID}" =~ ^(centos|rhel)$ && "${VERSION_ID}" =~ ^7 ]]; then
+		# this is a CentOS7 or RHEL7 system
+		grep -q "user_namespace.enable=1" /proc/cmdline || {
+			# no user namespace support enabled
+			wrap_bad "  (RHEL7/CentOS7" "User namespaces disabled; add 'user_namespace.enable=1' to boot command line)"
+		}
+	fi
+}
+
 if [ ! -e "$CONFIG" ]; then
 	wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config ..."
 	for tryConfig in "${possibleConfigs[@]}"; do
@@ -185,6 +196,7 @@ echo
 echo 'Optional Features:'
 {
 	check_flags USER_NS
+	check_distro_userns
 }
 {
 	check_flags SECCOMP

Original file line number	Diff line number	Diff line change
`@@ -115,6 +115,17 @@ check_device() {`
`115`	`115`	`fi`
`116`	`116`	`}`
`117`	`117`
	`118`	`+check_distro_userns() {`
	`119`	`+ source /etc/os-release 2>/dev/null \|\| /bin/true`
	`120`	`+ if [[ "${ID}" =~ ^(centos\|rhel)$ && "${VERSION_ID}" =~ ^7 ]]; then`
	`121`	`+ # this is a CentOS7 or RHEL7 system`
	`122`	`+ grep -q "user_namespace.enable=1" /proc/cmdline \|\| {`
	`123`	`+ # no user namespace support enabled`
	`124`	`+ wrap_bad " (RHEL7/CentOS7" "User namespaces disabled; add 'user_namespace.enable=1' to boot command line)"`
	`125`	`+ }`
	`126`	`+ fi`
	`127`	`+}`
	`128`	`+`
`118`	`129`	`if [ ! -e "$CONFIG" ]; then`
`119`	`130`	`wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config ..."`
`120`	`131`	`for tryConfig in "${possibleConfigs[@]}"; do`
`@@ -185,6 +196,7 @@ echo`
`185`	`196`	`echo 'Optional Features:'`
`186`	`197`	`{`
`187`	`198`	`check_flags USER_NS`
	`199`	`+ check_distro_userns`
`188`	`200`	`}`
`189`	`201`	`{`
`190`	`202`	`check_flags SECCOMP`