// NewRuntimeAdmitHandler returns a sysctlRuntimeAdmitHandler which checks whether // the given runtime support sysctls. func NewRuntimeAdmitHandler(runtime container.Runtime) (*runtimeAdmitHandler, error) { if runtime.Type() == dockertools.DockerType { v, err := runtime.APIVersion() if err != nil { return nil, fmt.Errorf("failed to get runtime version: %v", err) } // only Docker >= 1.12 supports sysctls c, err := v.Compare(dockertools.DockerV112APIVersion) if err != nil { return nil, fmt.Errorf("failed to compare Docker version for sysctl support: %v", err) } if c >= 0 { return &runtimeAdmitHandler{ result: lifecycle.PodAdmitResult{ Admit: true, }, }, nil } return &runtimeAdmitHandler{ result: lifecycle.PodAdmitResult{ Admit: false, Reason: UnsupportedReason, Message: "Docker before 1.12 does not support sysctls", }, }, nil } // for other runtimes like rkt sysctls are not supported return &runtimeAdmitHandler{ result: lifecycle.PodAdmitResult{ Admit: false, Reason: UnsupportedReason, Message: fmt.Sprintf("runtime %v does not support sysctls", runtime.Type()), }, }, nil }