validate: optimize capabilites check #220
Conversation
cmd/oci-runtime-tool/validate.go
Outdated
| if !capValid(capability) { | ||
| msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", process.Capabilities[index])) | ||
| if !capValid(capability, hostCheck) { | ||
| msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability)) |
There was a problem hiding this comment.
Complaining by capability (and not by index) makes sense to me. But now that we're doing that, I think we should replace the current for loop with:
for _, capability := range process.Capabilities {
cmd/oci-runtime-tool/validate.go
Outdated
|
|
||
| for _, cap := range capability.List() { | ||
| if cp == fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())) { | ||
| if hostSpecific && cap > lastCap() { |
There was a problem hiding this comment.
I'm not sure List is the right logic for host-agnostic checks. The docs say:
List returns list of all supported capabilities
What we want here is a list of all possible capabilities. But maybe I'm just misreading the docs. Does someone have an old kernel around to test this on?
cmd/oci-runtime-tool/validate.go
Outdated
| return false | ||
| } | ||
|
|
||
| func lastCap() capability.Cap { |
There was a problem hiding this comment.
I don't like duplicating code between the generate and validate libraries. Validation seems more fundamental to me, so can we make a public LastCap function here and import that into the generate library?
There was a problem hiding this comment.
It looks like your new capValid code is also coming over from generate. Can we move all of that to a public validate function and import that into the generate library as well?
There was a problem hiding this comment.
I also don't like duplicating code. @liangchenye is working on a new validate module at #188 .
Maybe we can made a cleanup after that merged or wait until it merged?
There was a problem hiding this comment.
I think #188 is ready to land, so I'd rather idle here.
Mashimiao
force-pushed
the
validate-optimize-cap-check
branch
from
9311515
to
409b189
Compare
Mashimiao
force-pushed
the
validate-optimize-cap-check
branch
from
409b189
to
6a29a11
Compare
|
@wking @mrunalp @liangchenye rebased. |
generate/generate.go
Outdated
| @@ -679,12 +679,12 @@ func lastCap() capability.Cap { | |||
| return last | |||
| } | |||
|
|
|||
| func checkCap(c string, hostSpecific bool) error { | |||
| func ValidCap(c string, hostSpecific bool) error { | |||
| isValid := false | |||
| cp := strings.ToUpper(c) | |||
There was a problem hiding this comment.
I think we can drop this. The spec says nothing about case-insensitivity, and the values listed in the referenced man page are uppercase.
generate/generate.go
Outdated
| @@ -694,7 +694,7 @@ func checkCap(c string, hostSpecific bool) error { | |||
| } | |||
|
|
|||
| if !isValid { | |||
| return fmt.Errorf("Invalid value passed for adding capability") | |||
| return fmt.Errorf("Invalid capability value: %s", cp) | |||
There was a problem hiding this comment.
Do we need “value”? I'd rather have Invalid capability: %q.
generate/generate.go
Outdated
| @@ -709,12 +709,11 @@ func (g *Generator) ClearProcessCapabilities() { | |||
|
|
|||
| // AddProcessCapability adds a process capability into g.spec.Process.Capabilities. | |||
| func (g *Generator) AddProcessCapability(c string) error { | |||
| if err := checkCap(c, g.HostSpecific); err != nil { | |||
| cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c)) | |||
There was a problem hiding this comment.
Why are we adding the CAP_ prefix here? I'd rather require AddProcessCapability callers give us a valid string without massaging it internally.
generate/generate.go
Outdated
| @@ -679,12 +679,12 @@ func lastCap() capability.Cap { | |||
| return last | |||
| } | |||
|
|
|||
| func checkCap(c string, hostSpecific bool) error { | |||
| func ValidCap(c string, hostSpecific bool) error { | |||
There was a problem hiding this comment.
I think ValidCap should live in validate/ and generate.go should import the validate package.
validate/validate.go
Outdated
| if process.Rlimits[index].Hard < process.Rlimits[index].Soft { | ||
| msgs = append(msgs, fmt.Sprintf("hard limit of rlimit %s should not be less than soft limit.", process.Rlimits[index].Type)) | ||
| if rlimit.Hard < rlimit.Soft { | ||
| msgs = append(msgs, fmt.Sprintf("hard limit of rlimit %s should not be less than soft limit.", rlimit.Type)) |
There was a problem hiding this comment.
rlimitValid is an overly-generic name if it only validates the type. I'd recommend renaming it to validRlimitType or moving the hard/soft limit checks inside validRlimit.
There was a problem hiding this comment.
move hard/soft limit check into rlimitValid
Mashimiao
force-pushed
the
validate-optimize-cap-check
branch
2 times, most recently
from
dd8124d
to
d2b72fc
Compare
validate/validate.go
Outdated
| @@ -123,6 +129,8 @@ func (v *Validator) CheckRootfsPath() (msgs []string) { | |||
| return | |||
|
|
|||
| } | |||
|
|
|||
| // CheckSemVer checks v.sepc.Version | |||
validate/validate.go
Outdated
| @@ -203,6 +213,7 @@ func checkEventHooks(hookType string, hooks []rspec.Hook, hostSpecific bool) (ms | |||
| return | |||
| } | |||
|
|
|||
| // CheckProcess checks v.spec.process | |||
validate/validate.go
Outdated
| if val == rlimit.Type { | ||
| if rlimit.Hard < rlimit.Soft { | ||
| return fmt.Errorf("hard limit of rlimit %s should not be less than soft limit", rlimit.Type) | ||
| } |
There was a problem hiding this comment.
I'd rather not bury the hard/soft comparison inside the type check. I'm fine checking this before the type, because “hard < soft” is always wrong, but “type not in defaultRlimits” could be “runtime-tools maintainers haven't taught runtime-tools about the new rlimit”. If you really want the type check first, you could do something like:
found := false
for … {
if val == rlimit.Type {
found = true
break
}
}
if !found {
return fmt.Errorf("rlimit type %q is invalid", rlimit.Type)
}
d2b72fc
to
9e28f93
Compare
|
On 10/22/2016 03:23 PM, W. Trevor King wrote:
I'd like do type check first.
Maybe I didn't understand your means. |
|
On Tue, Oct 25, 2016 at 11:21:28AM -0700, Ma Shimiao wrote:
But runtime-tools may think the type is invalid when it really isn't
Exactly. That lets you handle the hard/soft check independently after |
Mashimiao
force-pushed
the
validate-optimize-cap-check
branch
from
9e28f93
to
a73a5e8
Compare
|
Fixed. @wking PTAL |
|
a73a5e8 looks good to me, although it would be better to have
squashed that change into the “optimize capabilites check” commit
instead of putting it in the “add comments for exported functions”
commit.
|
|
ping @opencontainers/runtime-tools-maintainers |
|
LGTM |
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Mashimiao
force-pushed
the
validate-optimize-cap-check
branch
from
a73a5e8
to
73680b2
Compare
|
Rebased. @opencontainers/runtime-tools-maintainers PTAL |
|
@hqhq @mrunalp @liangchenye PTAL |
|
LGTM |
|
ping @liangchenye needs re-LGTM. |
|
LGTM |
Signed-off-by: Ma Shimiao mashimiao.fnst@cn.fujitsu.com
By now, if we generate with option --priviliged, the validation of bundle will fail.
capabilities need to be more than original defaultCap has.