-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
validate: optimize capabilites check #220
validate: optimize capabilites check #220
Conversation
cmd/oci-runtime-tool/validate.go
Outdated
if !capValid(capability) { | ||
msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", process.Capabilities[index])) | ||
if !capValid(capability, hostCheck) { | ||
msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Complaining by capability (and not by index) makes sense to me. But now that we're doing that, I think we should replace the current for loop with:
for _, capability := range process.Capabilities {
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed, thanks.
cmd/oci-runtime-tool/validate.go
Outdated
|
||
for _, cap := range capability.List() { | ||
if cp == fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())) { | ||
if hostSpecific && cap > lastCap() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure List
is the right logic for host-agnostic checks. The docs say:
List returns list of all supported capabilities
What we want here is a list of all possible capabilities. But maybe I'm just misreading the docs. Does someone have an old kernel around to test this on?
cmd/oci-runtime-tool/validate.go
Outdated
return false | ||
} | ||
|
||
func lastCap() capability.Cap { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't like duplicating code between the generate and validate libraries. Validation seems more fundamental to me, so can we make a public LastCap
function here and import that into the generate library?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like your new capValid
code is also coming over from generate. Can we move all of that to a public validate function and import that into the generate library as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also don't like duplicating code. @liangchenye is working on a new validate module at #188 .
Maybe we can made a cleanup after that merged or wait until it merged?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think #188 is ready to land, so I'd rather idle here.
9311515
to
409b189
Compare
409b189
to
6a29a11
Compare
@wking @mrunalp @liangchenye rebased. |
generate/generate.go
Outdated
@@ -679,12 +679,12 @@ func lastCap() capability.Cap { | |||
return last | |||
} | |||
|
|||
func checkCap(c string, hostSpecific bool) error { | |||
func ValidCap(c string, hostSpecific bool) error { | |||
isValid := false | |||
cp := strings.ToUpper(c) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can drop this. The spec says nothing about case-insensitivity, and the values listed in the referenced man page are uppercase.
generate/generate.go
Outdated
@@ -694,7 +694,7 @@ func checkCap(c string, hostSpecific bool) error { | |||
} | |||
|
|||
if !isValid { | |||
return fmt.Errorf("Invalid value passed for adding capability") | |||
return fmt.Errorf("Invalid capability value: %s", cp) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need “value”? I'd rather have Invalid capability: %q
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed.
generate/generate.go
Outdated
@@ -709,12 +709,11 @@ func (g *Generator) ClearProcessCapabilities() { | |||
|
|||
// AddProcessCapability adds a process capability into g.spec.Process.Capabilities. | |||
func (g *Generator) AddProcessCapability(c string) error { | |||
if err := checkCap(c, g.HostSpecific); err != nil { | |||
cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we adding the CAP_
prefix here? I'd rather require AddProcessCapability
callers give us a valid string without massaging it internally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed
generate/generate.go
Outdated
@@ -679,12 +679,12 @@ func lastCap() capability.Cap { | |||
return last | |||
} | |||
|
|||
func checkCap(c string, hostSpecific bool) error { | |||
func ValidCap(c string, hostSpecific bool) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think ValidCap
should live in validate/
and generate.go
should import the validate
package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine, fixed.
validate/validate.go
Outdated
if process.Rlimits[index].Hard < process.Rlimits[index].Soft { | ||
msgs = append(msgs, fmt.Sprintf("hard limit of rlimit %s should not be less than soft limit.", process.Rlimits[index].Type)) | ||
if rlimit.Hard < rlimit.Soft { | ||
msgs = append(msgs, fmt.Sprintf("hard limit of rlimit %s should not be less than soft limit.", rlimit.Type)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rlimitValid
is an overly-generic name if it only validates the type. I'd recommend renaming it to validRlimitType
or moving the hard/soft limit checks inside validRlimit
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move hard/soft limit check into rlimitValid
dd8124d
to
d2b72fc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking pretty good, just a few remaining nits.
validate/validate.go
Outdated
@@ -123,6 +129,8 @@ func (v *Validator) CheckRootfsPath() (msgs []string) { | |||
return | |||
|
|||
} | |||
|
|||
// CheckSemVer checks v.sepc.Version |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
“sepc” → “spec”
validate/validate.go
Outdated
@@ -203,6 +213,7 @@ func checkEventHooks(hookType string, hooks []rspec.Hook, hostSpecific bool) (ms | |||
return | |||
} | |||
|
|||
// CheckProcess checks v.spec.process |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
“process” → “Process”.
validate/validate.go
Outdated
if val == rlimit.Type { | ||
if rlimit.Hard < rlimit.Soft { | ||
return fmt.Errorf("hard limit of rlimit %s should not be less than soft limit", rlimit.Type) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd rather not bury the hard/soft comparison inside the type check. I'm fine checking this before the type, because “hard < soft” is always wrong, but “type not in defaultRlimits
” could be “runtime-tools maintainers haven't taught runtime-tools about the new rlimit”. If you really want the type check first, you could do something like:
found := false
for … {
if val == rlimit.Type {
found = true
break
}
}
if !found {
return fmt.Errorf("rlimit type %q is invalid", rlimit.Type)
}
d2b72fc
to
9e28f93
Compare
On 10/22/2016 03:23 PM, W. Trevor King wrote:
I'd like do type check first.
Maybe I didn't understand your means. |
On Tue, Oct 25, 2016 at 11:21:28AM -0700, Ma Shimiao wrote:
But runtime-tools may think the type is invalid when it really isn't
Exactly. That lets you handle the hard/soft check independently after |
9e28f93
to
a73a5e8
Compare
Fixed. @wking PTAL |
a73a5e8 looks good to me, although it would be better to have
squashed that change into the “optimize capabilites check” commit
instead of putting it in the “add comments for exported functions”
commit.
|
ping @opencontainers/runtime-tools-maintainers |
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
a73a5e8
to
73680b2
Compare
Rebased. @opencontainers/runtime-tools-maintainers PTAL |
@hqhq @mrunalp @liangchenye PTAL |
ping @liangchenye needs re-LGTM. |
Signed-off-by: Ma Shimiao mashimiao.fnst@cn.fujitsu.com
By now, if we generate with option --priviliged, the validation of bundle will fail.
capabilities need to be more than original defaultCap has.