Skip to content

Commit 15b0436

Browse files
author
Mrunal Patel
authored
Merge pull request #209 from Mashimiao/runtime-test-id-mappings-validation
runtime: support IDMappings validation
2 parents 81d12ed + 46fea50 commit 15b0436

File tree

1 file changed

+75
-0
lines changed

1 file changed

+75
-0
lines changed

cmd/runtimetest/main.go

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -410,6 +410,79 @@ func validateOOMScoreAdj(spec *rspec.Spec) error {
410410
return nil
411411
}
412412

413+
func getIDMappings(path string) ([]rspec.IDMapping, error) {
414+
var idMaps []rspec.IDMapping
415+
f, err := os.Open(path)
416+
if err != nil {
417+
return nil, err
418+
}
419+
defer f.Close()
420+
421+
s := bufio.NewScanner(f)
422+
for s.Scan() {
423+
if err := s.Err(); err != nil {
424+
return nil, err
425+
}
426+
427+
idMap := strings.Fields(strings.TrimSpace(s.Text()))
428+
if len(idMap) == 3 {
429+
hostID, err := strconv.ParseUint(idMap[0], 0, 32)
430+
if err != nil {
431+
return nil, err
432+
}
433+
containerID, err := strconv.ParseUint(idMap[1], 0, 32)
434+
if err != nil {
435+
return nil, err
436+
}
437+
mapSize, err := strconv.ParseUint(idMap[2], 0, 32)
438+
if err != nil {
439+
return nil, err
440+
}
441+
idMaps = append(idMaps, rspec.IDMapping{HostID: uint32(hostID), ContainerID: uint32(containerID), Size: uint32(mapSize)})
442+
} else {
443+
return nil, fmt.Errorf("invalid format in %v", path)
444+
}
445+
}
446+
447+
return idMaps, nil
448+
}
449+
450+
func validateIDMappings(mappings []rspec.IDMapping, path string, property string) error {
451+
idMaps, err := getIDMappings(path)
452+
if err != nil {
453+
return fmt.Errorf("can not get items: %v", err)
454+
}
455+
if len(mappings) != 0 && len(mappings) != len(idMaps) {
456+
return fmt.Errorf("expected %d entries in %v, but acutal is %d", len(mappings), path, len(idMaps))
457+
}
458+
for _, v := range mappings {
459+
exist := false
460+
for _, cv := range idMaps {
461+
if v.HostID == cv.HostID && v.ContainerID == cv.ContainerID && v.Size == cv.Size {
462+
exist = true
463+
break
464+
}
465+
}
466+
if !exist {
467+
return fmt.Errorf("%v is not applied as expected", property)
468+
}
469+
}
470+
471+
return nil
472+
}
473+
474+
func validateUIDMappings(spec *rspec.Spec) error {
475+
logrus.Debugf("validating uidMappings")
476+
477+
return validateIDMappings(spec.Linux.UIDMappings, "/proc/self/uid_map", "linux.uidMappings")
478+
}
479+
480+
func validateGIDMappings(spec *rspec.Spec) error {
481+
logrus.Debugf("validating gidMappings")
482+
483+
return validateIDMappings(spec.Linux.GIDMappings, "/proc/self/gid_map", "linux.gidMappings")
484+
}
485+
413486
func mountMatch(specMount rspec.Mount, sysMount rspec.Mount) error {
414487
if specMount.Destination != sysMount.Destination {
415488
return fmt.Errorf("mount destination expected: %v, actual: %v", specMount.Destination, sysMount.Destination)
@@ -490,6 +563,8 @@ func validate(context *cli.Context) error {
490563
validateMaskedPaths,
491564
validateROPaths,
492565
validateOOMScoreAdj,
566+
validateUIDMappings,
567+
validateGIDMappings,
493568
}
494569

495570
for _, v := range defaultValidations {

0 commit comments

Comments
 (0)