Merge pull request #1551 from crosbymichael/linux-nil

fix panic when Linux is nil
2017-08-14 19:35:31 +08:00 · 2017-08-14 19:35:31 +08:00 · 9aa46c1e66
parent 3f2f8b84a7 527dc5acbb
commit 9aa46c1e66
1 changed files with 63 additions and 56 deletions
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@ -184,20 +184,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 	}

 	exists := false
-	if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists {
-		return nil, fmt.Errorf("rootfsPropagation=%v is not supported", spec.Linux.RootfsPropagation)
-	}
-
-	for _, ns := range spec.Linux.Namespaces {
-		t, exists := namespaceMapping[ns.Type]
-		if !exists {
-			return nil, fmt.Errorf("namespace %q does not exist", ns)
-		}
-		if config.Namespaces.Contains(t) {
-			return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
-		}
-		config.Namespaces.Add(t, ns.Path)
-	}
 	if config.Namespaces.Contains(configs.NEWNET) {
 		config.Networks = []*configs.Network{
 			{
@ -219,9 +205,26 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 		return nil, err
 	}
 	config.Cgroups = c
-	// set extra path masking for libcontainer for the various unsafe places in proc
+	// set linux-specific config
+	if spec.Linux != nil {
+		if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists {
+			return nil, fmt.Errorf("rootfsPropagation=%v is not supported", spec.Linux.RootfsPropagation)
+		}
+
+		for _, ns := range spec.Linux.Namespaces {
+			t, exists := namespaceMapping[ns.Type]
+			if !exists {
+				return nil, fmt.Errorf("namespace %q does not exist", ns)
+			}
+			if config.Namespaces.Contains(t) {
+				return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
+			}
+			config.Namespaces.Add(t, ns.Path)
+		}
 		config.MaskPaths = spec.Linux.MaskedPaths
 		config.ReadonlyPaths = spec.Linux.ReadonlyPaths
+		config.MountLabel = spec.Linux.MountLabel
+		config.Sysctl = spec.Linux.Sysctl
 		if spec.Linux.Seccomp != nil {
 			seccomp, err := setupSeccomp(spec.Linux.Seccomp)
 			if err != nil {
@ -229,6 +232,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 			}
 			config.Seccomp = seccomp
 		}
+	}
 	if spec.Process.SelinuxLabel != "" {
 		config.ProcessLabel = spec.Process.SelinuxLabel
 	}
@ -246,7 +250,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 		}
 	}
 	createHooks(spec, config)
-	config.MountLabel = spec.Linux.MountLabel
 	config.Version = specs.Version
 	return config, nil
 }
@ -566,6 +569,7 @@ func createDevices(spec *specs.Spec, config *configs.Config) error {
 		},
 	}
 	// merge in additional devices from the spec
+	if spec.Linux != nil {
 		for _, d := range spec.Linux.Devices {
 			var uid, gid uint32
 			var filemode os.FileMode = 0666
@ -594,13 +598,11 @@ func createDevices(spec *specs.Spec, config *configs.Config) error {
 			}
 			config.Devices = append(config.Devices, device)
 		}
+	}
 	return nil
 }

 func setupUserNamespace(spec *specs.Spec, config *configs.Config) error {
-	if len(spec.Linux.UIDMappings) == 0 {
-		return nil
-	}
 	create := func(m specs.LinuxIDMapping) configs.IDMap {
 		return configs.IDMap{
 			HostID:      int(m.HostID),
@ -608,12 +610,17 @@ func setupUserNamespace(spec *specs.Spec, config *configs.Config) error {
 			Size:        int(m.Size),
 		}
 	}
+	if spec.Linux != nil {
+		if len(spec.Linux.UIDMappings) == 0 {
+			return nil
+		}
 		for _, m := range spec.Linux.UIDMappings {
 			config.UidMappings = append(config.UidMappings, create(m))
 		}
 		for _, m := range spec.Linux.GIDMappings {
 			config.GidMappings = append(config.GidMappings, create(m))
 		}
+	}
 	rootUID, err := config.HostRootUID()
 	if err != nil {
 		return err