move common codes to uitls

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
opencontainers · Jul 5, 2017 · 4708aab · 4708aab
1 parent 038e9eb
commit 4708aab
Show file tree

Hide file tree

Showing 5 changed files with 110 additions and 83 deletions.
diff --git a/cmd/oci-runtime-tool/generate.go b/cmd/oci-runtime-tool/generate.go
@@ -13,6 +13,7 @@ import (
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
 	"github.com/opencontainers/runtime-tools/generate/seccomp"
+	"github.com/opencontainers/runtime-tools/utils"
 	"github.com/urfave/cli"
 )
 
@@ -411,19 +412,17 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 	}
 
 	if context.IsSet("linux-cpus") {
-		if err := uintListValid(context.String("linux-cpus")); err != nil {
+		if err := utils.UnitListValid(context.String("linux-cpus")); err != nil {
 			return err
-		} else {
-			g.SetLinuxResourcesCPUCpus(context.String("linux-cpus"))
 		}
+		g.SetLinuxResourcesCPUCpus(context.String("linux-cpus"))
 	}
 
 	if context.IsSet("linux-mems") {
-		if err := uintListValid(context.String("linux-mems")); err != nil {
+		if err := utils.UnitListValid(context.String("linux-mems")); err != nil {
 			return err
-		} else {
-			g.SetLinuxResourcesCPUMems(context.String("linux-mems"))
 		}
+		g.SetLinuxResourcesCPUMems(context.String("linux-mems"))
 	}
 
 	if context.IsSet("linux-mem-limit") {
@@ -549,38 +548,6 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 	return err
 }
 
-func uintListValid(val string) error {
-	if val == "" {
-		return nil
-	}
-
-	split := strings.Split(val, ",")
-	errInvalidFormat := fmt.Errorf("invalid format: %s", val)
-
-	for _, r := range split {
-		if !strings.Contains(r, "-") {
-			_, err := strconv.Atoi(r)
-			if err != nil {
-				return errInvalidFormat
-			}
-		} else {
-			split := strings.SplitN(r, "-", 2)
-			min, err := strconv.Atoi(split[0])
-			if err != nil {
-				return errInvalidFormat
-			}
-			max, err := strconv.Atoi(split[1])
-			if err != nil {
-				return errInvalidFormat
-			}
-			if max < min {
-				return errInvalidFormat
-			}
-		}
-	}
-	return nil
-}
-
 func parseIDMapping(idms string) (uint32, uint32, uint32, error) {
 	idm := strings.Split(idms, ":")
 	if len(idm) != 3 {

diff --git a/cmd/runtimetest/main.go b/cmd/runtimetest/main.go
@@ -18,6 +18,7 @@ import (
 	"github.com/mndrix/tap-go"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/cmd/runtimetest/mount"
+	"github.com/opencontainers/runtime-tools/utils"
 	"github.com/syndtr/gocapability/capability"
 	"github.com/urfave/cli"
 )
@@ -151,11 +152,7 @@ func validateLinuxProcess(spec *rspec.Spec) error {
 }
 
 func validateCapabilities(spec *rspec.Spec) error {
-	last := capability.CAP_LAST_CAP
-	// workaround for RHEL6 which has no /proc/sys/kernel/cap_last_cap
-	if last == capability.Cap(63) {
-		last = capability.CAP_BLOCK_SUSPEND
-	}
+	last := utils.LastCap()
 
 	processCaps, err := capability.NewPid(0)
 	if err != nil {

diff --git a/generate/generate.go b/generate/generate.go
@@ -10,7 +10,7 @@ import (
 
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate/seccomp"
-	"github.com/opencontainers/runtime-tools/validate"
+	"github.com/opencontainers/runtime-tools/utils"
 	"github.com/syndtr/gocapability/capability"
 )
 
@@ -816,7 +816,7 @@ func (g *Generator) SetupPrivileged(privileged bool) {
 	if privileged { // Add all capabilities in privileged mode.
 		var finalCapList []string
 		for _, cap := range capability.List() {
-			if g.HostSpecific && cap > validate.LastCap() {
+			if g.HostSpecific && cap > utils.LastCap() {
 				continue
 			}
 			finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
@@ -848,7 +848,7 @@ func (g *Generator) ClearProcessCapabilities() {
 // AddProcessCapability adds a process capability into g.spec.Process.Capabilities.
 func (g *Generator) AddProcessCapability(c string) error {
 	cp := strings.ToUpper(c)
-	if err := validate.CapValid(cp, g.HostSpecific); err != nil {
+	if err := utils.CapValid(cp, g.HostSpecific); err != nil {
 		return err
 	}
 
@@ -895,7 +895,7 @@ func (g *Generator) AddProcessCapability(c string) error {
 // DropProcessCapability drops a process capability from g.spec.Process.Capabilities.
 func (g *Generator) DropProcessCapability(c string) error {
 	cp := strings.ToUpper(c)
-	if err := validate.CapValid(cp, g.HostSpecific); err != nil {
+	if err := utils.CapValid(cp, g.HostSpecific); err != nil {
 		return err
 	}
 

diff --git a/utils/utils.go b/utils/utils.go
@@ -0,0 +1,82 @@
+package utils
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/syndtr/gocapability/capability"
+)
+
+// CapValid checks whether a capability is valid
+func CapValid(c string, hostSpecific bool) error {
+	isValid := false
+
+	if !strings.HasPrefix(c, "CAP_") {
+		return fmt.Errorf("capability %s must start with CAP_", c)
+	}
+	for _, cap := range capability.List() {
+		if c == fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())) {
+			if hostSpecific && cap > LastCap() {
+				return fmt.Errorf("CAP_%s is not supported on the current host", c)
+			}
+			isValid = true
+			break
+		}
+	}
+
+	if !isValid {
+		return fmt.Errorf("Invalid capability: %s", c)
+	}
+	return nil
+}
+
+// LastCap return last cap of system
+func LastCap() capability.Cap {
+	last := capability.CAP_LAST_CAP
+	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+	if last == capability.Cap(63) {
+		last = capability.CAP_BLOCK_SUSPEND
+	}
+
+	return last
+}
+
+// UnitListValid checks strings whether is valid for
+// cpuset.cpus and cpuset.mems, duplicates are allowed
+// Supported formats:
+// 1
+// 0-3
+// 0-2,1,3
+// 0-2,1-3,4
+func UnitListValid(val string) error {
+	if val == "" {
+		return nil
+	}
+
+	split := strings.Split(val, ",")
+	errInvalidFormat := fmt.Errorf("invalid format: %s", val)
+
+	for _, r := range split {
+		if !strings.Contains(r, "-") {
+			_, err := strconv.Atoi(r)
+			if err != nil {
+				return errInvalidFormat
+			}
+		} else {
+			split := strings.SplitN(r, "-", 2)
+			min, err := strconv.Atoi(split[0])
+			if err != nil {
+				return errInvalidFormat
+			}
+			max, err := strconv.Atoi(split[1])
+			if err != nil {
+				return errInvalidFormat
+			}
+			if max < min {
+				return errInvalidFormat
+			}
+		}
+	}
+	return nil
+}
diff --git a/validate/validate.go b/validate/validate.go
@@ -16,7 +16,7 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/blang/semver"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/syndtr/gocapability/capability"
+	"github.com/opencontainers/runtime-tools/utils"
 )
 
 const specConfig = "config.json"
@@ -282,7 +282,7 @@ func (v *Validator) CheckCapabilities() (msgs []string) {
 		}
 
 		for capability, owns := range caps {
-			if err := CapValid(capability, v.HostSpecific); err != nil {
+			if err := utils.CapValid(capability, v.HostSpecific); err != nil {
 				msgs = append(msgs, fmt.Sprintf("capability %q is not valid, man capabilities(7)", capability))
 			}
 
@@ -534,6 +534,20 @@ func (v *Validator) CheckLinuxResources() (msgs []string) {
 	logrus.Debugf("check linux resources")
 
 	r := v.spec.Linux.Resources
+
+	if r.CPU != nil {
+		if r.CPU.Cpus != "" {
+			if err := utils.UnitListValid(r.CPU.Cpus); err != nil {
+				msgs = append(msgs, err.Error())
+			}
+		}
+		if r.CPU.Mems != "" {
+			if err := utils.UnitListValid(r.CPU.Mems); err != nil {
+				msgs = append(msgs, err.Error())
+			}
+		}
+	}
+
 	if r.Memory != nil {
 		if r.Memory.Limit != nil && r.Memory.Swap != nil && uint64(*r.Memory.Limit) > uint64(*r.Memory.Swap) {
 			msgs = append(msgs, fmt.Sprintf("Minimum memoryswap should be larger than memory limit"))
@@ -542,6 +556,7 @@ func (v *Validator) CheckLinuxResources() (msgs []string) {
 			msgs = append(msgs, fmt.Sprintf("Minimum memory limit should be larger than memory reservation"))
 		}
 	}
+
 	if r.Network != nil && v.HostSpecific {
 		var exist bool
 		interfaces, err := net.Interfaces()
@@ -607,40 +622,6 @@ func (v *Validator) CheckSeccomp() (msgs []string) {
 	return
 }
 
-// CapValid checks whether a capability is valid
-func CapValid(c string, hostSpecific bool) error {
-	isValid := false
-
-	if !strings.HasPrefix(c, "CAP_") {
-		return fmt.Errorf("capability %s must start with CAP_", c)
-	}
-	for _, cap := range capability.List() {
-		if c == fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())) {
-			if hostSpecific && cap > LastCap() {
-				return fmt.Errorf("CAP_%s is not supported on the current host", c)
-			}
-			isValid = true
-			break
-		}
-	}
-
-	if !isValid {
-		return fmt.Errorf("Invalid capability: %s", c)
-	}
-	return nil
-}
-
-// LastCap return last cap of system
-func LastCap() capability.Cap {
-	last := capability.CAP_LAST_CAP
-	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
-	if last == capability.Cap(63) {
-		last = capability.CAP_BLOCK_SUSPEND
-	}
-
-	return last
-}
-
 func envValid(env string) bool {
 	items := strings.Split(env, "=")
 	if len(items) < 2 {