diff options
| author | Fabricio Voznika <fvoznika@google.com> | 2018-06-28 09:56:23 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-06-28 09:57:27 -0700 |
| commit | 8459390cdd81ef1c8180948566e893b06233923c (patch) | |
| tree | 62966e8519bf3176a0fd1d4e0a4594e640e193e2 /runsc/cmd | |
| parent | 1f207de315430fb178b7025a5afd419afdc31449 (diff) | |
Error out if spec is invalid
Closes #66
PiperOrigin-RevId: 202496258
Change-Id: Ib9287c5bf1279ffba1db21ebd9e6b59305cddf34
Diffstat (limited to 'runsc/cmd')
| -rw-r--r-- | runsc/cmd/boot.go | 6 | ||||
| -rw-r--r-- | runsc/cmd/cmd.go | 2 | ||||
| -rw-r--r-- | runsc/cmd/gofer.go | 2 |
3 files changed, 7 insertions, 3 deletions
diff --git a/runsc/cmd/boot.go b/runsc/cmd/boot.go index 0d0e6b63f..685cb6f00 100644 --- a/runsc/cmd/boot.go +++ b/runsc/cmd/boot.go @@ -23,6 +23,7 @@ import ( "context" "flag" "github.com/google/subcommands" + specs "github.com/opencontainers/runtime-spec/specs-go" "gvisor.googlesource.com/gvisor/pkg/log" "gvisor.googlesource.com/gvisor/runsc/boot" "gvisor.googlesource.com/gvisor/runsc/specutils" @@ -116,6 +117,9 @@ func (b *Boot) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) if b.applyCaps { caps := spec.Process.Capabilities + if caps == nil { + caps = &specs.LinuxCapabilities{} + } if conf.Platform == boot.PlatformPtrace { // Ptrace platform requires extra capabilities. const c = "CAP_SYS_PTRACE" @@ -131,7 +135,7 @@ func (b *Boot) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) args = append(args, arg) } } - if err := setCapsAndCallSelf(spec, args, caps); err != nil { + if err := setCapsAndCallSelf(args, caps); err != nil { Fatalf("%v", err) } panic("setCapsAndCallSelf must never return success") diff --git a/runsc/cmd/cmd.go b/runsc/cmd/cmd.go index 940c8cd14..44ebd7165 100644 --- a/runsc/cmd/cmd.go +++ b/runsc/cmd/cmd.go @@ -72,7 +72,7 @@ func (i *intFlags) Set(s string) error { // setCapsAndCallSelf sets capabilities to the current thread and then execve's // itself again with the arguments specified in 'args' to restart the process // with the desired capabilities. -func setCapsAndCallSelf(spec *specs.Spec, args []string, caps *specs.LinuxCapabilities) error { +func setCapsAndCallSelf(args []string, caps *specs.LinuxCapabilities) error { // Keep thread locked while capabilities are changed. runtime.LockOSThread() defer runtime.UnlockOSThread() diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go index 8e1060a35..55315c0e8 100644 --- a/runsc/cmd/gofer.go +++ b/runsc/cmd/gofer.go @@ -95,7 +95,7 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) // Note: minimal argument handling for the default case to keep it simple. args := os.Args args = append(args, "--apply-caps=false") - if err := setCapsAndCallSelf(spec, args, lc); err != nil { + if err := setCapsAndCallSelf(args, lc); err != nil { Fatalf("Unable to apply caps: %v", err) } panic("unreachable") |