diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-06-30 23:18:45 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-07-01 09:28:18 +0200 |
| commit | 891dfd3a8f85c576ce6427b8dd9811b933d525d3 (patch) | |
| tree | d8a0afdc6e9fa0603e3b414e65be59b954f62a48 | |
| parent | 3426d56b92be2ac1c3cc62fc578e9cb6d64aca81 (diff) | |
| download | podman-891dfd3a8f85c576ce6427b8dd9811b933d525d3.tar.gz podman-891dfd3a8f85c576ce6427b8dd9811b933d525d3.tar.bz2 podman-891dfd3a8f85c576ce6427b8dd9811b933d525d3.zip | |
specgen: fix parsing of cgroup devices rule
Fix the parse for the cgroup devices rule to correctly handle the
wildcard syntax for the device major.
Also make sure the device major and minor are not negative numbers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| -rw-r--r-- | pkg/specgenutil/specgen.go | 16 | ||||
| -rw-r--r-- | pkg/specgenutil/specgenutil_test.go | 79 | ||||
| -rw-r--r-- | test/system/030-run.bats | 2 |
3 files changed, 90 insertions, 7 deletions
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index ab45a8d47..8ad0a92e7 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -1134,17 +1134,21 @@ func parseLinuxResourcesDeviceAccess(device string) (specs.LinuxDeviceCgroup, er } number := strings.SplitN(value[1], ":", 2) - i, err := strconv.ParseInt(number[0], 10, 64) - if err != nil { - return specs.LinuxDeviceCgroup{}, err + if number[0] != "*" { + i, err := strconv.ParseUint(number[0], 10, 64) + if err != nil { + return specs.LinuxDeviceCgroup{}, err + } + m := int64(i) + major = &m } - major = &i if len(number) == 2 && number[1] != "*" { - i, err := strconv.ParseInt(number[1], 10, 64) + i, err := strconv.ParseUint(number[1], 10, 64) if err != nil { return specs.LinuxDeviceCgroup{}, err } - minor = &i + m := int64(i) + minor = &m } access = value[2] for _, c := range strings.Split(access, "") { diff --git a/pkg/specgenutil/specgenutil_test.go b/pkg/specgenutil/specgenutil_test.go index 5867b0ae0..fb2743f17 100644 --- a/pkg/specgenutil/specgenutil_test.go +++ b/pkg/specgenutil/specgenutil_test.go @@ -75,3 +75,82 @@ func TestWinPath(t *testing.T) { } } } + +func TestParseLinuxResourcesDeviceAccess(t *testing.T) { + d, err := parseLinuxResourcesDeviceAccess("a *:* rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "a", "type is 'a'") + assert.Nil(t, d.Minor, "minor is nil") + assert.Nil(t, d.Major, "major is nil") + + d, err = parseLinuxResourcesDeviceAccess("b 3:* rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "b", "type is 'b'") + assert.Nil(t, d.Minor, "minor is nil") + assert.NotNil(t, d.Major, "major is not nil") + assert.Equal(t, *d.Major, int64(3), "major is 3") + + d, err = parseLinuxResourcesDeviceAccess("a *:3 rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "a", "type is 'a'") + assert.Nil(t, d.Major, "major is nil") + assert.NotNil(t, d.Minor, "minor is not nil") + assert.Equal(t, *d.Minor, int64(3), "minor is 3") + + d, err = parseLinuxResourcesDeviceAccess("c 1:2 rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "c", "type is 'c'") + assert.NotNil(t, d.Major, "minor is not nil") + assert.Equal(t, *d.Major, int64(1), "minor is 1") + assert.NotNil(t, d.Minor, "minor is not nil") + assert.Equal(t, *d.Minor, int64(2), "minor is 2") + + _, err = parseLinuxResourcesDeviceAccess("q *:* rwm") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a a:* rwm") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:a rwm") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:* abc") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("* *:* *") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("* *:a2 *") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("*:*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a 12a:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a a12:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a 0x1:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a -2:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:-3 r") + assert.NotNil(t, err, "err is not nil") +} diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 56cf4f266..b3e3cef00 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -730,7 +730,7 @@ EOF run_podman 125 run --device-cgroup-rule="x 7:* rmw" --rm $IMAGE is "$output" "Error: invalid device type in device-access-add: x" run_podman 125 run --device-cgroup-rule="a a:* rmw" --rm $IMAGE - is "$output" "Error: strconv.ParseInt: parsing \"a\": invalid syntax" + is "$output" "Error: strconv.ParseUint: parsing \"a\": invalid syntax" } @test "podman run closes stdin" { |