jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #386 from mrunalp/userns_check 

Validation for user namespace in the config.
This commit is contained in:
Victor Marmol 2015-02-19 09:16:13 -08:00
parent 8c3b6b1868 f34b3b765f
commit 1b755bf962
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
configs/validate/config.go
View File

@ -2,6 +2,7 @@ package validate
import ( import (
"fmt" "fmt"
"os"
"path/filepath" "path/filepath"
"github.com/docker/libcontainer/configs" "github.com/docker/libcontainer/configs"
@ -31,6 +32,9 @@ func (v *ConfigValidator) Validate(config *configs.Config) error {
if err := v.security(config); err != nil { if err := v.security(config); err != nil {
return err return err
} }
if err := v.usernamespace(config); err != nil {
return err
}
return nil return nil
} }
@ -74,3 +78,16 @@ func (v *ConfigValidator) security(config *configs.Config) error {
} }
return nil return nil
} }
func (v *ConfigValidator) usernamespace(config *configs.Config) error {
if config.Namespaces.Contains(configs.NEWUSER) {
if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) {
return fmt.Errorf("USER namespaces aren't enabled in the kernel")
}
} else {
if config.UidMappings != nil || config.GidMappings != nil {
return fmt.Errorf("User namespace mappings specified, but USER namespace isn't enabled in the config")
}
}
return nil
}