validate: increase OS validation for special cases

Signed-off-by: zhouhao <[email protected]>

Author: zhouhao

validate/validate.go

@@ -256,28 +256,30 @@ func (v *Validator) CheckProcess() (msgs []string) {
 		}
 	}
 
-	for _, capability := range process.Capabilities {
-		if err := CapValid(capability, v.HostSpecific); err != nil {
-			msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability))
+	if v.spec.Platform.OS == "linux" {
+		for _, capability := range process.Capabilities {
+			if err := CapValid(capability, v.HostSpecific); err != nil {
+				msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability))
+			}
 		}
-	}
 
-	for index, rlimit := range process.Rlimits {
-		if err := rlimitValid(rlimit); err != nil {
-			msgs = append(msgs, err.Error())
-		}
-		for i := index + 1; i < len(process.Rlimits); i++ {
-			if process.Rlimits[index].Type == process.Rlimits[i].Type {
-				msgs = append(msgs, fmt.Sprintf("rlimit can not contain the same type %q.", process.Rlimits[index].Type))
+		for index, rlimit := range process.Rlimits {
+			if err := rlimitValid(rlimit); err != nil {
+				msgs = append(msgs, err.Error())
+			}
+			for i := index + 1; i < len(process.Rlimits); i++ {
+				if process.Rlimits[index].Type == process.Rlimits[i].Type {
+					msgs = append(msgs, fmt.Sprintf("rlimit can not contain the same type %q.", process.Rlimits[index].Type))
+				}
 			}
 		}
-	}
 
-	if len(process.ApparmorProfile) > 0 {
-		profilePath := filepath.Join(v.bundlePath, v.spec.Root.Path, "/etc/apparmor.d", process.ApparmorProfile)
-		_, err := os.Stat(profilePath)
-		if err != nil {
-			msgs = append(msgs, err.Error())
+		if len(process.ApparmorProfile) > 0 {
+			profilePath := filepath.Join(v.bundlePath, v.spec.Root.Path, "/etc/apparmor.d", process.ApparmorProfile)
+			_, err := os.Stat(profilePath)
+			if err != nil {
+				msgs = append(msgs, err.Error())
+			}
 		}
 	}