Skip to content

Commit 1580403

Browse files
author
zhouhao
committed
validate: increase OS validation for special cases
Signed-off-by: zhouhao <[email protected]>
1 parent ce55f9b commit 1580403

File tree

1 file changed

+38
-15
lines changed

1 file changed

+38
-15
lines changed

validate/validate.go

Lines changed: 38 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -256,29 +256,52 @@ func (v *Validator) CheckProcess() (msgs []string) {
256256
}
257257
}
258258

259-
for _, capability := range process.Capabilities {
260-
if err := CapValid(capability, v.HostSpecific); err != nil {
261-
msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability))
259+
msgs = append(msgs, v.CheckCapablities()...)
260+
msgs = append(msgs, v.CheckRlimits()...)
261+
262+
if v.spec.Platform.OS == "linux" {
263+
264+
if len(process.ApparmorProfile) > 0 {
265+
profilePath := filepath.Join(v.bundlePath, v.spec.Root.Path, "/etc/apparmor.d", process.ApparmorProfile)
266+
_, err := os.Stat(profilePath)
267+
if err != nil {
268+
msgs = append(msgs, err.Error())
269+
}
262270
}
263271
}
264272

265-
for index, rlimit := range process.Rlimits {
266-
if err := rlimitValid(rlimit); err != nil {
267-
msgs = append(msgs, err.Error())
268-
}
269-
for i := index + 1; i < len(process.Rlimits); i++ {
270-
if process.Rlimits[index].Type == process.Rlimits[i].Type {
271-
msgs = append(msgs, fmt.Sprintf("rlimit can not contain the same type %q.", process.Rlimits[index].Type))
273+
return
274+
}
275+
276+
func (v *Validator) CheckCapablities() (msgs []string) {
277+
if v.spec.Platform.OS == "linux" {
278+
for _, capability := range v.spec.Process.Capabilities {
279+
if err := CapValid(capability, v.HostSpecific); err != nil {
280+
msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability))
272281
}
273282
}
283+
} else {
284+
logrus.Warnf("OS %q has not yet have a special value for capabilities", v.spec.Platform.OS)
274285
}
275286

276-
if len(process.ApparmorProfile) > 0 {
277-
profilePath := filepath.Join(v.bundlePath, v.spec.Root.Path, "/etc/apparmor.d", process.ApparmorProfile)
278-
_, err := os.Stat(profilePath)
279-
if err != nil {
280-
msgs = append(msgs, err.Error())
287+
return
288+
}
289+
290+
func (v *Validator) CheckRlimits() (msgs []string) {
291+
process := v.spec.Process
292+
if v.spec.Platform.OS == "linux" {
293+
for index, rlimit := range process.Rlimits {
294+
if err := rlimitValid(rlimit); err != nil {
295+
msgs = append(msgs, err.Error())
296+
}
297+
for i := index + 1; i < len(process.Rlimits); i++ {
298+
if process.Rlimits[index].Type == process.Rlimits[i].Type {
299+
msgs = append(msgs, fmt.Sprintf("rlimit can not contain the same type %q.", process.Rlimits[index].Type))
300+
}
301+
}
281302
}
303+
} else {
304+
logrus.Warnf("OS %q has not yet have a special value for rlimits", v.spec.Platform.OS)
282305
}
283306

284307
return

0 commit comments

Comments
 (0)