Skip to content

Commit 8c00b14

Browse files
author
Ma Shimiao
authored
Merge pull request #481 from wking/warn-on-potentially-invalid-rlimits
validate: Soften unrecognized rlimit types to SHOULD violations
2 parents e0df0fd + 7553161 commit 8c00b14

File tree

3 files changed

+111
-2
lines changed

3 files changed

+111
-2
lines changed

specerror/config.go

+3
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,8 @@ const (
4646
PosixProcRlimitsTypeGeneError = "The runtime MUST [generate an error](runtime.md#errors) for any values which cannot be mapped to a relevant kernel interface."
4747
// PosixProcRlimitsTypeGet represents "For each entry in `rlimits`, a [`getrlimit(3)`][getrlimit.3] on `type` MUST succeed."
4848
PosixProcRlimitsTypeGet = "For each entry in `rlimits`, a [`getrlimit(3)`][getrlimit.3] on `type` MUST succeed."
49+
// PosixProcRlimitsTypeValueError represents "valid values are defined in the ... man page"
50+
PosixProcRlimitsTypeValueError = "valid values are defined in the ... man page"
4951
// PosixProcRlimitsSoftMatchCur represents "`rlim.rlim_cur` MUST match the configured value."
5052
PosixProcRlimitsSoftMatchCur = "`rlim.rlim_cur` MUST match the configured value."
5153
// PosixProcRlimitsHardMatchMax represents "`rlim.rlim_max` MUST match the configured value."
@@ -159,6 +161,7 @@ func init() {
159161
register(ProcArgsOneEntryRequired, rfc2119.Required, processRef)
160162
register(PosixProcRlimitsTypeGeneError, rfc2119.Must, posixProcessRef)
161163
register(PosixProcRlimitsTypeGet, rfc2119.Must, posixProcessRef)
164+
register(PosixProcRlimitsTypeValueError, rfc2119.Should, posixProcessRef)
162165
register(PosixProcRlimitsSoftMatchCur, rfc2119.Must, posixProcessRef)
163166
register(PosixProcRlimitsHardMatchMax, rfc2119.Must, posixProcessRef)
164167
register(PosixProcRlimitsErrorOnDup, rfc2119.Must, posixProcessRef)

validate/validate.go

+6-2
Original file line numberDiff line numberDiff line change
@@ -424,6 +424,10 @@ func (v *Validator) CheckCapabilities() (errs error) {
424424

425425
// CheckRlimits checks v.spec.Process.Rlimits
426426
func (v *Validator) CheckRlimits() (errs error) {
427+
if v.platform == "windows" {
428+
return
429+
}
430+
427431
process := v.spec.Process
428432
for index, rlimit := range process.Rlimits {
429433
for i := index + 1; i < len(process.Rlimits); i++ {
@@ -870,14 +874,14 @@ func (v *Validator) rlimitValid(rlimit rspec.POSIXRlimit) (errs error) {
870874
return
871875
}
872876
}
873-
errs = multierror.Append(errs, fmt.Errorf("rlimit type %q is invalid", rlimit.Type))
877+
errs = multierror.Append(errs, specerror.NewError(specerror.PosixProcRlimitsTypeValueError, fmt.Errorf("rlimit type %q may not be valid", rlimit.Type), v.spec.Version))
874878
} else if v.platform == "solaris" {
875879
for _, val := range posixRlimits {
876880
if val == rlimit.Type {
877881
return
878882
}
879883
}
880-
errs = multierror.Append(errs, fmt.Errorf("rlimit type %q is invalid", rlimit.Type))
884+
errs = multierror.Append(errs, specerror.NewError(specerror.PosixProcRlimitsTypeValueError, fmt.Errorf("rlimit type %q may not be valid", rlimit.Type), v.spec.Version))
881885
} else {
882886
logrus.Warnf("process.rlimits validation not yet implemented for platform %q", v.platform)
883887
}

validate/validate_test.go

+102
Original file line numberDiff line numberDiff line change
@@ -188,3 +188,105 @@ func TestCheckSemVer(t *testing.T) {
188188
assert.Equal(t, c.expected, specerror.FindError(err, c.expected), "Fail to check SemVer "+c.val)
189189
}
190190
}
191+
192+
func TestCheckProcess(t *testing.T) {
193+
cases := []struct {
194+
val rspec.Spec
195+
platform string
196+
expected specerror.Code
197+
}{
198+
{
199+
val: rspec.Spec{
200+
Version: "1.0.0",
201+
Process: &rspec.Process{
202+
Args: []string{"sh"},
203+
Cwd: "/",
204+
},
205+
},
206+
platform: "linux",
207+
expected: specerror.NonError,
208+
},
209+
{
210+
val: rspec.Spec{
211+
Version: "1.0.0",
212+
Process: &rspec.Process{
213+
Args: []string{"sh"},
214+
Cwd: "/",
215+
Rlimits: []rspec.POSIXRlimit{
216+
{
217+
Type: "RLIMIT_NOFILE",
218+
Hard: 1024,
219+
Soft: 1024,
220+
},
221+
{
222+
Type: "RLIMIT_NPROC",
223+
Hard: 512,
224+
Soft: 512,
225+
},
226+
},
227+
},
228+
},
229+
platform: "linux",
230+
expected: specerror.NonError,
231+
},
232+
{
233+
val: rspec.Spec{
234+
Version: "1.0.0",
235+
Process: &rspec.Process{
236+
Args: []string{"sh"},
237+
Cwd: "/",
238+
Rlimits: []rspec.POSIXRlimit{
239+
{
240+
Type: "RLIMIT_NOFILE",
241+
Hard: 1024,
242+
Soft: 1024,
243+
},
244+
},
245+
},
246+
},
247+
platform: "solaris",
248+
expected: specerror.NonError,
249+
},
250+
{
251+
val: rspec.Spec{
252+
Version: "1.0.0",
253+
Process: &rspec.Process{
254+
Args: []string{"sh"},
255+
Cwd: "/",
256+
Rlimits: []rspec.POSIXRlimit{
257+
{
258+
Type: "RLIMIT_DOES_NOT_EXIST",
259+
Hard: 512,
260+
Soft: 512,
261+
},
262+
},
263+
},
264+
},
265+
platform: "linux",
266+
expected: specerror.PosixProcRlimitsTypeValueError,
267+
},
268+
{
269+
val: rspec.Spec{
270+
Version: "1.0.0",
271+
Process: &rspec.Process{
272+
Args: []string{"sh"},
273+
Cwd: "/",
274+
Rlimits: []rspec.POSIXRlimit{
275+
{
276+
Type: "RLIMIT_NPROC",
277+
Hard: 512,
278+
Soft: 512,
279+
},
280+
},
281+
},
282+
},
283+
platform: "solaris",
284+
expected: specerror.PosixProcRlimitsTypeValueError,
285+
},
286+
}
287+
for _, c := range cases {
288+
v := NewValidator(&c.val, ".", false, c.platform)
289+
err := v.CheckProcess()
290+
assert.Equal(t, c.expected, specerror.FindError(err, c.expected), fmt.Sprintf("failed CheckProcess: %v %d", err, c.expected))
291+
}
292+
}

0 commit comments

Comments
 (0)