packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iSulad/0021-spec-add-verify-for-device-cgroup-access-mode.patch
haozi007 e72b756384 iSulad: sync with upstream iSulad 
Signed-off-by: haozi007 <liuhao27@huawei.com>
2021-03-23 09:50:40 +08:00

103 lines
3.2 KiB
Diff
Raw Blame History

From 82d59974b5fcb0abfa2f488801e7d9ed2f93a718 Mon Sep 17 00:00:00 2001
From: Li Feng <lifeng2221dd1@zoho.com.cn>
Date: Sat, 30 Jan 2021 14:22:16 +0800
Subject: [PATCH 21/53] spec: add verify for device cgroup access mode
Signed-off-by: Li Feng <lifeng2221dd1@zoho.com.cn>
---
src/daemon/modules/spec/verify.c | 27 +++++++++++++++++++++++++++
src/utils/cutils/utils_verify.c | 26 ++++++++++++++++++++++++--
2 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 053a57b3..a3156579 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -1064,6 +1064,26 @@ static int adapt_resources_memory(const sysinfo_t *sysinfo, defs_resources_memor
return adapt_memory_swap(sysinfo, &(memory->limit), &(memory->swap));
}
+/* verify resources device */
+static int verify_resources_device(defs_resources *resources)
+{
+ int ret = 0;
+ size_t i = 0;
+
+ for (i = 0; i < resources->devices_len; i++) {
+ if (!util_valid_device_mode(resources->devices[i]->access)) {
+ ERROR("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access,
+ resources->devices[i]->major, resources->devices[i]->minor);
+ isulad_set_error_message("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access,
+ resources->devices[i]->major, resources->devices[i]->minor);
+ ret = -1;
+ goto out;
+ }
+ }
+out:
+ return ret;
+}
+
/* verify linux resources */
static int verify_linux_resources(const sysinfo_t *sysinfo, defs_resources *resources)
{
@@ -1104,6 +1124,13 @@ static int verify_linux_resources(const sysinfo_t *sysinfo, defs_resources *reso
goto out;
}
}
+ // device
+ if (resources->devices != NULL) {
+ ret = verify_resources_device(resources);
+ if (ret != 0) {
+ goto out;
+ }
+ }
out:
return ret;
}
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index 5a18e664..58191685 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -184,14 +184,36 @@ bool util_validate_socket(const char *socket)
bool util_valid_device_mode(const char *mode)
{
size_t i = 0;
+ int r_count = 0;
+ int w_count = 0;
+ int m_count = 0;
if (mode == NULL || !strcmp(mode, "")) {
return false;
}
for (i = 0; i < strlen(mode); i++) {
- if (mode[i] != 'r' && mode[i] != 'w' && mode[i] != 'm') {
- return false;
+ switch (mode[i]) {
+ case 'r':
+ if (r_count != 0) {
+ return false;
+ }
+ r_count++;
+ break;
+ case 'w':
+ if (w_count != 0) {
+ return false;
+ }
+ w_count++;
+ break;
+ case 'm':
+ if (m_count != 0) {
+ return false;
+ }
+ m_count++;
+ break;
+ default:
+ return false;
}
}
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink