zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-10-07 08:21:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

Adding spec validation for exec and start

Browse Source 
Signed-off-by: Rajasekaran <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Rebased with latest spec version

Signed-off-by: rajasec <rajasec79@gmail.com>
This commit is contained in:
Rajasekaran
2016-03-07 23:06:14 +05:30
committed by rajasec
parent 5a91c338f5
commit d1faa82a0a
3 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
exec.go
View File

@@ -118,7 +118,7 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
if err := json.NewDecoder(f).Decode(&p); err != nil { if err := json.NewDecoder(f).Decode(&p); err != nil {
return nil, err return nil, err
} }
return &p, nil return &p, validateProcessSpec(&p)
} }
// process via cli flags // process via cli flags
if err := os.Chdir(bundle); err != nil { if err := os.Chdir(bundle); err != nil {

14
spec.go
View File

@@ -197,18 +197,6 @@ var mountPropagationMapping = map[string]int{
"": syscall.MS_PRIVATE | syscall.MS_REC, "": syscall.MS_PRIVATE | syscall.MS_REC,
} }
// validateSpec validates the fields in the spec
// TODO: Add validation for other fields where applicable
func validateSpec(spec *specs.Spec) error {
if spec.Process.Cwd == "" {
return fmt.Errorf("Cwd property must not be empty")
}
if !filepath.IsAbs(spec.Process.Cwd) {
return fmt.Errorf("Cwd must be an absolute path")
}
return nil
}
// loadSpec loads the specification from the provided path. // loadSpec loads the specification from the provided path.
// If the path is empty then the default path will be "config.json" // If the path is empty then the default path will be "config.json"
func loadSpec(cPath string) (spec *specs.Spec, err error) { func loadSpec(cPath string) (spec *specs.Spec, err error) {
@@ -224,7 +212,7 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) {
if err = json.NewDecoder(cf).Decode(&spec); err != nil { if err = json.NewDecoder(cf).Decode(&spec); err != nil {
return nil, err return nil, err
} }
return spec, validateSpec(spec) return spec, validateProcessSpec(&spec.Process)
} }
func createLibcontainerConfig(cgroupName string, spec *specs.Spec) (*configs.Config, error) { func createLibcontainerConfig(cgroupName string, spec *specs.Spec) (*configs.Config, error) {

22
utils.go
View File

@@ -365,3 +365,25 @@ func runProcess(container libcontainer.Container, config *specs.Process, listenF
} }
return handler.forward(process) return handler.forward(process)
} }
func validateProcessSpec(spec ...interface{}) error {
for _, arg := range spec {
switch a := arg.(type) {
case *specs.Process:
if a.Cwd == "" {
return fmt.Errorf("Cwd property must not be empty")
}
if !filepath.IsAbs(a.Cwd) {
return fmt.Errorf("Cwd must be an absolute path")
}
if len(a.Args) == 0 {
return fmt.Errorf("args must not be empty")
}
//TODO
//Add for remaining spec validation
default:
return fmt.Errorf("not a valid spec")
}
}
return nil
}