Detect and forbid duplicated namespace in spec
When spec file contains duplicated namespaces, e.g. specs: specs.Spec{ Linux: &specs.Linux{ Namespaces: []specs.Namespace{ { Type: "pid", }, { Type: "pid", Path: "/proc/1/ns/pid", }, }, }, } runc should report malformed spec instead of using latest one by default, because this spec could be quite confusing. Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
This commit is contained in:
parent
a08733bd5d
commit
a0f7977f0f
|
@ -187,6 +187,9 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
|
|||
if !exists {
|
||||
return nil, fmt.Errorf("namespace %q does not exist", ns)
|
||||
}
|
||||
if config.Namespaces.Contains(t) {
|
||||
return nil, fmt.Errorf("malformed spec file: duplicated ns %q", ns)
|
||||
}
|
||||
config.Namespaces.Add(t, ns.Path)
|
||||
}
|
||||
if config.Namespaces.Contains(configs.NEWNET) {
|
||||
|
|
|
@ -38,3 +38,27 @@ func TestLinuxCgroupsPathNotSpecified(t *testing.T) {
|
|||
t.Errorf("Wrong cgroupsPath, expected it to be empty string, got '%s'", cgroup.Path)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDupNamespaces(t *testing.T) {
|
||||
spec := &specs.Spec{
|
||||
Linux: &specs.Linux{
|
||||
Namespaces: []specs.Namespace{
|
||||
{
|
||||
Type: "pid",
|
||||
},
|
||||
{
|
||||
Type: "pid",
|
||||
Path: "/proc/1/ns/pid",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
_, err := CreateLibcontainerConfig(&CreateOpts{
|
||||
Spec: spec,
|
||||
})
|
||||
|
||||
if err == nil {
|
||||
t.Errorf("Duplicated namespaces should be forbidden")
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue