Skip to content

Commit 02a519e

Browse files
author
Ma Shimiao
committed
validation: add linux resource check
Signed-off-by: Ma Shimiao <[email protected]>
1 parent 6aeb752 commit 02a519e

File tree

1 file changed

+46
-0
lines changed

1 file changed

+46
-0
lines changed

cmd/ocitools/validate.go

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -361,6 +361,11 @@ func checkLinux(spec rspec.Spec, rootfs string, hostCheck bool) (msgs []string)
361361
}
362362
}
363363

364+
if spec.Linux.Resources != nil {
365+
ms := checkLinuxResources(*spec.Linux.Resources, hostCheck)
366+
msgs = append(msgs, ms...)
367+
}
368+
364369
if spec.Linux.Seccomp != nil {
365370
ms := checkSeccomp(*spec.Linux.Seccomp)
366371
msgs = append(msgs, ms...)
@@ -381,6 +386,47 @@ func checkLinux(spec rspec.Spec, rootfs string, hostCheck bool) (msgs []string)
381386
return
382387
}
383388

389+
func checkLinuxResources(r rspec.Resources, hostCheck bool) (msgs []string) {
390+
logrus.Debugf("check linux resources")
391+
392+
if r.OOMScoreAdj != nil && (int(*r.OOMScoreAdj) < -1000 || int(*r.OOMScoreAdj) > 1000) {
393+
msgs = append(msgs, fmt.Sprintf("OOMScoreAdj range is from -1000 to 1000"))
394+
}
395+
if r.Memory != nil {
396+
if r.Memory.Swappiness != nil && uint64(*r.Memory.Swappiness) > 100 {
397+
msgs = append(msgs, fmt.Sprintf("Memory swappiness range is 0-100"))
398+
}
399+
if r.Memory.Limit != nil && r.Memory.Swap != nil && uint64(*r.Memory.Limit) > uint64(*r.Memory.Swap) {
400+
msgs = append(msgs, fmt.Sprintf("Minimum memoryswap should be larger than memory limit"))
401+
}
402+
if r.Memory.Limit != nil && r.Memory.Reservation != nil && uint64(*r.Memory.Reservation) > uint64(*r.Memory.Limit) {
403+
msgs = append(msgs, fmt.Sprintf("Minimum memory limit should be larger than memory reservation"))
404+
}
405+
}
406+
if r.CPU != nil {
407+
if r.CPU.Quota != nil && uint64(*r.CPU.Quota) < 1000 {
408+
msgs = append(msgs, fmt.Sprintf("Cpu cfs quota shoud not be less than 1ms"))
409+
}
410+
if r.CPU.Period != nil && (uint64(*r.CPU.Period) < 1000 || uint64(*r.CPU.Period) > 1000000) {
411+
msgs = append(msgs, fmt.Sprintf("Cpu cfs period range is from 1ms to 1s"))
412+
}
413+
if hostCheck {
414+
// todo host-specific checks
415+
// mems, cpus
416+
}
417+
}
418+
if r.BlockIO != nil {
419+
if r.BlockIO.Weight != nil && (uint64(*r.BlockIO.Weight) < 10 || uint64(*r.BlockIO.Weight) > 1000) {
420+
msgs = append(msgs, fmt.Sprintf("BlockIO weight range is from 10 to 1000"))
421+
}
422+
if r.BlockIO.LeafWeight != nil && (uint64(*r.BlockIO.LeafWeight) < 10 || uint64(*r.BlockIO.LeafWeight) > 1000) {
423+
msgs = append(msgs, fmt.Sprintf("BlockIO leaf weight range is from 10 to 1000"))
424+
}
425+
}
426+
427+
return
428+
}
429+
384430
func checkSeccomp(s rspec.Seccomp) (msgs []string) {
385431
logrus.Debugf("check seccomp")
386432

0 commit comments

Comments
 (0)