Merge pull request #1150 from WeiZhang555/forbid-duplicated-namespace

hqhq · web-flow · commit e7abf30cb820 · 2016-10-27T10:23:16.000+08:00
Detect and forbid duplicated namespace in spec
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
@@ -187,6 +187,9 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 		if !exists {
 			return nil, fmt.Errorf("namespace %q does not exist", ns)
 		}
+		if config.Namespaces.Contains(t) {
+			return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
+		}
 		config.Namespaces.Add(t, ns.Path)
 	}
 	if config.Namespaces.Contains(configs.NEWNET) {
diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go
@@ -38,3 +38,27 @@ func TestLinuxCgroupsPathNotSpecified(t *testing.T) {
 		t.Errorf("Wrong cgroupsPath, expected it to be empty string, got '%s'", cgroup.Path)
 	}
 }
+
+func TestDupNamespaces(t *testing.T) {
+	spec := &specs.Spec{
+		Linux: &specs.Linux{
+			Namespaces: []specs.Namespace{
+				{
+					Type: "pid",
+				},
+				{
+					Type: "pid",
+					Path: "/proc/1/ns/pid",
+				},
+			},
+		},
+	}
+
+	_, err := CreateLibcontainerConfig(&CreateOpts{
+		Spec: spec,
+	})
+
+	if err == nil {
+		t.Errorf("Duplicated namespaces should be forbidden")
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -187,6 +187,9 @@ func CreateLibcontainerConfig(opts CreateOpts) (configs.Config, error) {`
`187`	`187`	`if !exists {`
`188`	`188`	`return nil, fmt.Errorf("namespace %q does not exist", ns)`
`189`	`189`	`}`
	`190`	`+ if config.Namespaces.Contains(t) {`
	`191`	`+ return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)`
	`192`	`+ }`
`190`	`193`	`config.Namespaces.Add(t, ns.Path)`
`191`	`194`	`}`
`192`	`195`	`if config.Namespaces.Contains(configs.NEWNET) {`