summaryrefslogtreecommitdiff
path: root/pkg/util/utils.go
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-03-27 10:13:51 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-03-27 14:36:03 -0400
commit4352d585490f6c1eb7234ef4f92e0157083d69b3 (patch)
treee69b2d9487ea7623c2d04eaa848e67792e42faaa /pkg/util/utils.go
parent2c5c1980200806d2a0dde375564b505b9150e645 (diff)
downloadpodman-4352d585490f6c1eb7234ef4f92e0157083d69b3.tar.gz
podman-4352d585490f6c1eb7234ef4f92e0157083d69b3.tar.bz2
podman-4352d585490f6c1eb7234ef4f92e0157083d69b3.zip
Add support for containers.conf
vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang qiwan@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/util/utils.go')
-rw-r--r--pkg/util/utils.go43
1 files changed, 43 insertions, 0 deletions
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index 3e11c010a..0c055745d 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -609,3 +609,46 @@ func Tmpdir() string {
return tmpdir
}
+
+// ValidateSysctls validates a list of sysctl and returns it.
+func ValidateSysctls(strSlice []string) (map[string]string, error) {
+ sysctl := make(map[string]string)
+ validSysctlMap := map[string]bool{
+ "kernel.msgmax": true,
+ "kernel.msgmnb": true,
+ "kernel.msgmni": true,
+ "kernel.sem": true,
+ "kernel.shmall": true,
+ "kernel.shmmax": true,
+ "kernel.shmmni": true,
+ "kernel.shm_rmid_forced": true,
+ }
+ validSysctlPrefixes := []string{
+ "net.",
+ "fs.mqueue.",
+ }
+
+ for _, val := range strSlice {
+ foundMatch := false
+ arr := strings.Split(val, "=")
+ if len(arr) < 2 {
+ return nil, errors.Errorf("%s is invalid, sysctl values must be in the form of KEY=VALUE", val)
+ }
+ if validSysctlMap[arr[0]] {
+ sysctl[arr[0]] = arr[1]
+ continue
+ }
+
+ for _, prefix := range validSysctlPrefixes {
+ if strings.HasPrefix(arr[0], prefix) {
+ sysctl[arr[0]] = arr[1]
+ foundMatch = true
+ break
+ }
+ }
+ if !foundMatch {
+ return nil, errors.Errorf("sysctl '%s' is not whitelisted", arr[0])
+ }
+ }
+ return sysctl, nil
+}