summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoropenshift-ci[bot] <75433959+openshift-ci[bot]@users.noreply.github.com>2022-07-01 11:13:49 +0000
committerGitHub <noreply@github.com>2022-07-01 11:13:49 +0000
commita737412eeb523c0fd925572f94dc4a189465e1d0 (patch)
treeaba5da829553c62ec9da6b44a241b8ba1c50ed11
parentdc2a93421b184e7176a5893c515a907b542c762e (diff)
parent891dfd3a8f85c576ce6427b8dd9811b933d525d3 (diff)
downloadpodman-a737412eeb523c0fd925572f94dc4a189465e1d0.tar.gz
podman-a737412eeb523c0fd925572f94dc4a189465e1d0.tar.bz2
podman-a737412eeb523c0fd925572f94dc4a189465e1d0.zip
Merge pull request #14795 from giuseppe/fix-wildcard-major-device-cgroup
specgen: fix parsing of cgroup devices rule
-rw-r--r--pkg/specgenutil/specgen.go16
-rw-r--r--pkg/specgenutil/specgenutil_test.go79
-rw-r--r--test/system/030-run.bats2
3 files changed, 90 insertions, 7 deletions
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index ab45a8d47..8ad0a92e7 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -1134,17 +1134,21 @@ func parseLinuxResourcesDeviceAccess(device string) (specs.LinuxDeviceCgroup, er
}
number := strings.SplitN(value[1], ":", 2)
- i, err := strconv.ParseInt(number[0], 10, 64)
- if err != nil {
- return specs.LinuxDeviceCgroup{}, err
+ if number[0] != "*" {
+ i, err := strconv.ParseUint(number[0], 10, 64)
+ if err != nil {
+ return specs.LinuxDeviceCgroup{}, err
+ }
+ m := int64(i)
+ major = &m
}
- major = &i
if len(number) == 2 && number[1] != "*" {
- i, err := strconv.ParseInt(number[1], 10, 64)
+ i, err := strconv.ParseUint(number[1], 10, 64)
if err != nil {
return specs.LinuxDeviceCgroup{}, err
}
- minor = &i
+ m := int64(i)
+ minor = &m
}
access = value[2]
for _, c := range strings.Split(access, "") {
diff --git a/pkg/specgenutil/specgenutil_test.go b/pkg/specgenutil/specgenutil_test.go
index 5867b0ae0..fb2743f17 100644
--- a/pkg/specgenutil/specgenutil_test.go
+++ b/pkg/specgenutil/specgenutil_test.go
@@ -75,3 +75,82 @@ func TestWinPath(t *testing.T) {
}
}
}
+
+func TestParseLinuxResourcesDeviceAccess(t *testing.T) {
+ d, err := parseLinuxResourcesDeviceAccess("a *:* rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "a", "type is 'a'")
+ assert.Nil(t, d.Minor, "minor is nil")
+ assert.Nil(t, d.Major, "major is nil")
+
+ d, err = parseLinuxResourcesDeviceAccess("b 3:* rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "b", "type is 'b'")
+ assert.Nil(t, d.Minor, "minor is nil")
+ assert.NotNil(t, d.Major, "major is not nil")
+ assert.Equal(t, *d.Major, int64(3), "major is 3")
+
+ d, err = parseLinuxResourcesDeviceAccess("a *:3 rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "a", "type is 'a'")
+ assert.Nil(t, d.Major, "major is nil")
+ assert.NotNil(t, d.Minor, "minor is not nil")
+ assert.Equal(t, *d.Minor, int64(3), "minor is 3")
+
+ d, err = parseLinuxResourcesDeviceAccess("c 1:2 rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "c", "type is 'c'")
+ assert.NotNil(t, d.Major, "minor is not nil")
+ assert.Equal(t, *d.Major, int64(1), "minor is 1")
+ assert.NotNil(t, d.Minor, "minor is not nil")
+ assert.Equal(t, *d.Minor, int64(2), "minor is 2")
+
+ _, err = parseLinuxResourcesDeviceAccess("q *:* rwm")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a a:* rwm")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:a rwm")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:* abc")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("* *:* *")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("* *:a2 *")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("*:*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a 12a:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a a12:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a 0x1:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a -2:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:-3 r")
+ assert.NotNil(t, err, "err is not nil")
+}
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 56cf4f266..b3e3cef00 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -730,7 +730,7 @@ EOF
run_podman 125 run --device-cgroup-rule="x 7:* rmw" --rm $IMAGE
is "$output" "Error: invalid device type in device-access-add: x"
run_podman 125 run --device-cgroup-rule="a a:* rmw" --rm $IMAGE
- is "$output" "Error: strconv.ParseInt: parsing \"a\": invalid syntax"
+ is "$output" "Error: strconv.ParseUint: parsing \"a\": invalid syntax"
}
@test "podman run closes stdin" {