Skip to content

Commit 46fea50

Browse files
author
Ma Shimiao
committed
runtime: support IDMappings validation
Signed-off-by: Ma Shimiao <[email protected]>
1 parent a05c891 commit 46fea50

File tree

1 file changed

+75
-0
lines changed

1 file changed

+75
-0
lines changed

cmd/runtimetest/main.go

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -409,6 +409,79 @@ func validateOOMScoreAdj(spec *rspec.Spec) error {
409409
return nil
410410
}
411411

412+
func getIDMappings(path string) ([]rspec.IDMapping, error) {
413+
var idMaps []rspec.IDMapping
414+
f, err := os.Open(path)
415+
if err != nil {
416+
return nil, err
417+
}
418+
defer f.Close()
419+
420+
s := bufio.NewScanner(f)
421+
for s.Scan() {
422+
if err := s.Err(); err != nil {
423+
return nil, err
424+
}
425+
426+
idMap := strings.Fields(strings.TrimSpace(s.Text()))
427+
if len(idMap) == 3 {
428+
hostID, err := strconv.ParseUint(idMap[0], 0, 32)
429+
if err != nil {
430+
return nil, err
431+
}
432+
containerID, err := strconv.ParseUint(idMap[1], 0, 32)
433+
if err != nil {
434+
return nil, err
435+
}
436+
mapSize, err := strconv.ParseUint(idMap[2], 0, 32)
437+
if err != nil {
438+
return nil, err
439+
}
440+
idMaps = append(idMaps, rspec.IDMapping{HostID: uint32(hostID), ContainerID: uint32(containerID), Size: uint32(mapSize)})
441+
} else {
442+
return nil, fmt.Errorf("invalid format in %v", path)
443+
}
444+
}
445+
446+
return idMaps, nil
447+
}
448+
449+
func validateIDMappings(mappings []rspec.IDMapping, path string, property string) error {
450+
idMaps, err := getIDMappings(path)
451+
if err != nil {
452+
return fmt.Errorf("can not get items: %v", err)
453+
}
454+
if len(mappings) != 0 && len(mappings) != len(idMaps) {
455+
return fmt.Errorf("expected %d entries in %v, but acutal is %d", len(mappings), path, len(idMaps))
456+
}
457+
for _, v := range mappings {
458+
exist := false
459+
for _, cv := range idMaps {
460+
if v.HostID == cv.HostID && v.ContainerID == cv.ContainerID && v.Size == cv.Size {
461+
exist = true
462+
break
463+
}
464+
}
465+
if !exist {
466+
return fmt.Errorf("%v is not applied as expected", property)
467+
}
468+
}
469+
470+
return nil
471+
}
472+
473+
func validateUIDMappings(spec *rspec.Spec) error {
474+
logrus.Debugf("validating uidMappings")
475+
476+
return validateIDMappings(spec.Linux.UIDMappings, "/proc/self/uid_map", "linux.uidMappings")
477+
}
478+
479+
func validateGIDMappings(spec *rspec.Spec) error {
480+
logrus.Debugf("validating gidMappings")
481+
482+
return validateIDMappings(spec.Linux.GIDMappings, "/proc/self/gid_map", "linux.gidMappings")
483+
}
484+
412485
func mountMatch(specMount rspec.Mount, sysMount rspec.Mount) error {
413486
if specMount.Destination != sysMount.Destination {
414487
return fmt.Errorf("mount destination expected: %v, actual: %v", specMount.Destination, sysMount.Destination)
@@ -489,6 +562,8 @@ func validate(context *cli.Context) error {
489562
validateMaskedPaths,
490563
validateROPaths,
491564
validateOOMScoreAdj,
565+
validateUIDMappings,
566+
validateGIDMappings,
492567
}
493568

494569
for _, v := range defaultValidations {

0 commit comments

Comments
 (0)