#!/bin/sh

# Allow environment variables to override grep and config
: ${CONFIG:=/proc/config.gz}
: ${GREP:=zgrep}

SETCOLOR_SUCCESS () { printf '\033[1;32m'; }
SETCOLOR_FAILURE () { printf '\033[1;31m'; }
SETCOLOR_WARNING () { printf '\033[1;33m'; }
SETCOLOR_NORMAL  () { printf '\033[0;39m'; }

is_set() {
    $GREP -q "$1=[y|m]" "$CONFIG"
    return $?
}

is_enabled() {
    prefix=$1
    option=$2
    mandatory=$3

    is_set "$option"
    RES=$?

    echo -n "$prefix"
    if [ $RES -eq 0 ]; then
	SETCOLOR_SUCCESS && echo "enabled" && SETCOLOR_NORMAL
    else
	if [ ! -z "$mandatory" ] && [ "$mandatory" = yes ]; then
	    SETCOLOR_FAILURE && echo "required" && SETCOLOR_NORMAL
	else
	    SETCOLOR_WARNING && echo "missing" && SETCOLOR_NORMAL
	fi
    fi
}

if [ ! -f "$CONFIG" ]; then
    echo "Kernel config $CONFIG not found, looking in other places..."
    KVER="`uname -r`"
    HEADERS_CONFIG="/lib/modules/$KVER/build/.config"
    BOOT_CONFIG="/boot/config-$KVER"
    [ -f "${HEADERS_CONFIG}" ] && CONFIG=${HEADERS_CONFIG}
    [ -f "${BOOT_CONFIG}" ] && CONFIG=${BOOT_CONFIG}
    GREP=grep
    if [ ! -f $CONFIG ]; then
        echo
        echo "The kernel configuration can not be retrieved."
        echo "Please recompile with IKCONFIG_PROC, or"
	echo "install the kernel headers, or specify"
	echo "the path to the config file with: CONFIG=<path> lxc-checkconfig"
        echo
        exit 1
    else
        echo "Found kernel config file $CONFIG"
    fi
fi

echo "--- Namespaces ---"
is_enabled "Namespaces: " CONFIG_NAMESPACES yes
is_enabled "Utsname namespace: " CONFIG_UTS_NS
is_enabled "Ipc namespace: " CONFIG_IPC_NS yes
is_enabled "Pid namespace: " CONFIG_PID_NS yes
is_enabled "User namespace: " CONFIG_USER_NS
is_enabled "Network namespace: " CONFIG_NET_NS
is_enabled "Multiple /dev/pts instances: " DEVPTS_MULTIPLE_INSTANCES
echo
echo "--- Control groups ---"

print_cgroups() {
  # print all mountpoints for cgroup filesystems
  awk '$1 !~ /#/ && $3 == mp { print $2; } ; END { exit(0); } '  "mp=$1" "$2" ;
}

CGROUP_MNT_PATH=`print_cgroups cgroup /proc/self/mounts | head -1`

is_enabled "Cgroup: " CONFIG_CGROUPS yes

if [ -f "$CGROUP_MNT_PATH/cgroup.clone_children" ]; then
    echo -n "Cgroup clone_children flag: " &&
    SETCOLOR_SUCCESS && echo "enabled" && SETCOLOR_NORMAL
else
    echo -n "Cgroup namespace: " && is_enabled CONFIG_CGROUP_NS yes
fi
is_enabled "Cgroup device: " CONFIG_CGROUP_DEVICE
is_enabled "Cgroup sched: " CONFIG_CGROUP_SCHED
is_enabled "Cgroup cpu account: " CONFIG_CGROUP_CPUACCT
is_enabled "Cgroup memory controller: " CONFIG_CGROUP_MEM_RES_CTLR
is_set CONFIG_SMP && is_enabled "Cgroup cpuset: " CONFIG_CPUSETS
echo
echo "--- Misc ---"
is_enabled "Veth pair device: " CONFIG_VETH
is_enabled "Macvlan: " CONFIG_MACVLAN
is_enabled "Vlan: " CONFIG_VLAN_8021Q
KVER=$($GREP "^# Linux" "$CONFIG" | sed -r "s/.*([23])\.([0-9])+\.([0-9]+).*/\1 \2 \3/")
kernel_version () { echo $(( ( $1 << 16 ) + ( $2 << 8 ) + $3)); }
echo -n "File capabilities: "
if [ $(kernel_version $KVER) -le $(kernel_version 2 6 32) ]; then
        is_enabled CONFIG_SECURITY_FILE_CAPABILITIES
else
        SETCOLOR_SUCCESS && echo "enabled" && SETCOLOR_NORMAL
fi

echo
echo "Note : Before booting a new kernel, you can check its configuration"
echo "usage : CONFIG=/path/to/config $0"
echo
