diff options
| author | Fabricio Voznika <fvoznika@google.com> | 2018-06-28 09:56:23 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-06-28 09:57:27 -0700 |
| commit | 8459390cdd81ef1c8180948566e893b06233923c (patch) | |
| tree | 62966e8519bf3176a0fd1d4e0a4594e640e193e2 /runsc/container | |
| parent | 1f207de315430fb178b7025a5afd419afdc31449 (diff) | |
Error out if spec is invalid
Closes #66
PiperOrigin-RevId: 202496258
Change-Id: Ib9287c5bf1279ffba1db21ebd9e6b59305cddf34
Diffstat (limited to 'runsc/container')
| -rw-r--r-- | runsc/container/container.go | 9 | ||||
| -rw-r--r-- | runsc/container/container_test.go | 22 |
2 files changed, 4 insertions, 27 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go index 428aa5c62..c7dc6ec10 100644 --- a/runsc/container/container.go +++ b/runsc/container/container.go @@ -193,9 +193,6 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo if err := validateID(id); err != nil { return nil, err } - if err := specutils.ValidateSpec(spec); err != nil { - return nil, err - } containerRoot := filepath.Join(conf.RootDir, id) if _, err := os.Stat(containerRoot); err == nil { @@ -434,8 +431,10 @@ func (c *Container) Destroy() error { log.Debugf("Destroy container %q", c.ID) // First stop the container. - if err := c.Sandbox.Stop(c.ID); err != nil { - return err + if c.Sandbox != nil { + if err := c.Sandbox.Stop(c.ID); err != nil { + return err + } } // "If any poststop hook fails, the runtime MUST log a warning, but the diff --git a/runsc/container/container_test.go b/runsc/container/container_test.go index de487ea97..11285a123 100644 --- a/runsc/container/container_test.go +++ b/runsc/container/container_test.go @@ -812,28 +812,6 @@ func TestConsoleSocket(t *testing.T) { } } -func TestSpecUnsupported(t *testing.T) { - spec := testutil.NewSpecWithArgs("/bin/true") - spec.Process.SelinuxLabel = "somelabel" - - // These are normally set by docker and will just cause warnings to be logged. - spec.Process.ApparmorProfile = "someprofile" - spec.Linux = &specs.Linux{Seccomp: &specs.LinuxSeccomp{}} - - rootDir, bundleDir, conf, err := testutil.SetupContainer(spec) - if err != nil { - t.Fatalf("error setting up container: %v", err) - } - defer os.RemoveAll(rootDir) - defer os.RemoveAll(bundleDir) - - id := testutil.UniqueContainerID() - _, err = container.Create(id, spec, conf, bundleDir, "", "", "") - if err == nil || !strings.Contains(err.Error(), "is not supported") { - t.Errorf("container.Create() wrong error, got: %v, want: *is not supported, spec.Process: %+v", err, spec.Process) - } -} - // TestRunNonRoot checks that sandbox can be configured when running as // non-privileged user. func TestRunNonRoot(t *testing.T) { |