author | Fabricio Voznika <fvoznika@google.com> | 2018-06-28 09:56:23 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-06-28 09:57:27 -0700 |
commit | 8459390cdd81ef1c8180948566e893b06233923c (patch) | |
tree | 62966e8519bf3176a0fd1d4e0a4594e640e193e2 /runsc/specutils/specutils.go | |
parent | 1f207de315430fb178b7025a5afd419afdc31449 (diff) |
Error out if spec is invalid
Closes #66
PiperOrigin-RevId: 202496258
Change-Id: Ib9287c5bf1279ffba1db21ebd9e6b59305cddf34
Diffstat (limited to 'runsc/specutils/specutils.go')
-rw-r--r-- | runsc/specutils/specutils.go | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index c552111f2..0d9e09e9d 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -47,10 +47,28 @@ func LogSpec(spec *specs.Spec) {
 // ValidateSpec validates that the spec is compatible with runsc.
 func ValidateSpec(spec *specs.Spec) error {
+ // Mandatory fields.
 if spec.Process == nil {
- return fmt.Errorf("Process must be defined")
+ return fmt.Errorf("Spec.Process must be defined: %+v", spec)
 }
- if spec.Process.SelinuxLabel != "" {
+ if len(spec.Process.Args) == 0 {
+ return fmt.Errorf("Spec.Process.Arg must be defined: %+v", spec.Process)
+ }
+ if spec.Root == nil {
+ return fmt.Errorf("Spec.Root must be defined: %+v", spec)
+ }
+ if len(spec.Root.Path) == 0 {
+ return fmt.Errorf("Spec.Root.Path must be defined: %+v", spec.Root)
+ }
+
+ // Unsupported fields.
+ if spec.Solaris != nil {
+ return fmt.Errorf("Spec.Solaris is not supported: %+v", spec)
+ }
+ if spec.Windows != nil {
+ return fmt.Errorf("Spec.Windows is not supported: %+v", spec)
+ }
+ if len(spec.Process.SelinuxLabel) != 0 {
 return fmt.Errorf("SELinux is not supported: %s", spec.Process.SelinuxLabel)
 }
@@ -64,7 +82,7 @@ func ValidateSpec(spec *specs.Spec) error {
 log.Warningf("Seccomp spec is being ignored")
 }
- // 2 annotations are use by containerd to support multi-container pods.
+ // Two annotations are use by containerd to support multi-container pods.
 // "io.kubernetes.cri.container-type"
 // "io.kubernetes.cri.sandbox-id"
 containerType, hasContainerType := spec.Annotations[ContainerdContainerTypeAnnotation]
@@ -98,6 +116,9 @@ func ReadSpec(bundleDir string) (*specs.Spec, error) {
 if err := json.Unmarshal(specBytes, &spec); err != nil {
 return nil, fmt.Errorf("error unmarshaling spec from file %q: %v\n %s", specFile, err, string(specBytes))
 }
+ if err := ValidateSpec(&spec); err != nil {
+ return nil, err
+ }
 return &spec, nil
 } |
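Review bot: The new errors in ValidateSpec format the whole spec or `spec.Process` with `%+v`, and an OCI `Process` carries the container's `Env`, so a spec rejected for empty `Args` puts every environment variable (often credentials) into the returned error and any log that records it. Name the offending field and leave the dump out, e.g. `return fmt.Errorf("Spec.Process.Args must be defined")`, which also corrects the `Arg` spelling to match the field. The dump of `spec` adds little anyway, because `%+v` prints nested pointer fields such as `Process` and `Root` as addresses. ValidateSpec's body continues past the end of this hunk.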
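Review bot: The error from ValidateSpec is returned bare at the end of ReadSpec, so the caller cannot tell which bundle's config failed validation, unlike the unmarshal error just above, which names `specFile`. Wrap it the same way: `return nil, fmt.Errorf("invalid spec in %q: %v", specFile, err)`. Any caller that still calls ValidateSpec after ReadSpec would now validate twice and repeat its warnings (e.g. the Seccomp one); those callers are not visible here, so this is worth checking. ReadSpec starts before this hunk.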