author | Daniel J Walsh <dwalsh@redhat.com> | 2020-03-27 10:13:51 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-03-27 14:36:03 -0400 |
commit | 4352d585490f6c1eb7234ef4f92e0157083d69b3 (patch) | |
tree | e69b2d9487ea7623c2d04eaa848e67792e42faaa /pkg/util | |
parent | 2c5c1980200806d2a0dde375564b505b9150e645 (diff) | |
Add support for containers.conf
vendor in c/common config pkg for containers.conf
Signed-off-by: Qi Wang qiwan@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/util')
-rw-r--r-- | pkg/util/utils.go | 43 | ||||
-rw-r--r-- | pkg/util/utils_test.go | 12 |
2 files changed, 55 insertions, 0 deletions
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index 3e11c010a..0c055745d 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -609,3 +609,46 @@ func Tmpdir() string {
 return tmpdir
 }
+
+// ValidateSysctls validates a list of sysctl and returns it.
+func ValidateSysctls(strSlice []string) (map[string]string, error) {
+ sysctl := make(map[string]string)
+ validSysctlMap := map[string]bool{
+ "kernel.msgmax": true,
+ "kernel.msgmnb": true,
+ "kernel.msgmni": true,
+ "kernel.sem": true,
+ "kernel.shmall": true,
+ "kernel.shmmax": true,
+ "kernel.shmmni": true,
+ "kernel.shm_rmid_forced": true,
+ }
+ validSysctlPrefixes := []string{
+ "net.",
+ "fs.mqueue.",
+ }
+
+ for _, val := range strSlice {
+ foundMatch := false
+ arr := strings.Split(val, "=")
+ if len(arr) < 2 {
+ return nil, errors.Errorf("%s is invalid, sysctl values must be in the form of KEY=VALUE", val)
+ }
+ if validSysctlMap[arr[0]] {
+ sysctl[arr[0]] = arr[1]
+ continue
+ }
+
+ for _, prefix := range validSysctlPrefixes {
+ if strings.HasPrefix(arr[0], prefix) {
+ sysctl[arr[0]] = arr[1]
+ foundMatch = true
+ break
+ }
+ }
+ if !foundMatch {
+ return nil, errors.Errorf("sysctl '%s' is not whitelisted", arr[0])
+ }
+ }
+ return sysctl, nil
+}
diff --git a/pkg/util/utils_test.go b/pkg/util/utils_test.go
index 0995d1e20..a9b37844e 100644
--- a/pkg/util/utils_test.go
+++ b/pkg/util/utils_test.go
@@ -245,3 +245,15 @@ func TestGetImageConfigMisc(t *testing.T) {
 _, err = GetImageConfig([]string{"BADINST testvalue"})
 assert.NotNil(t, err)
 }
+
+func TestValidateSysctls(t *testing.T) {
+ strSlice := []string{"net.core.test1=4", "kernel.msgmax=2"}
+ result, _ := ValidateSysctls(strSlice)
+ assert.Equal(t, result["net.core.test1"], "4")
+}
+
+func TestValidateSysctlBadSysctl(t *testing.T) {
+ strSlice := []string{"BLAU=BLUE", "GELB^YELLOW"}
+ _, err := ValidateSysctls(strSlice)
+ assert.Error(t, err)
+}
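Review bot: In the loop of ValidateSysctls, `strings.Split(val, "=")` followed by `arr[1]` silently truncates any value that itself contains `=`, so the stored setting can differ from what was requested; `arr := strings.SplitN(val, "=", 2)` keeps the whole value. Neither side is checked for emptiness or surrounding whitespace, so an entry such as `net.=` passes the prefix test with a bare prefix as the key and an empty value; rejecting an empty key remainder or value here would keep malformed entries out of the returned map. The allowed `kernel.*` names and the `net.` / `fs.mqueue.` prefixes look like the namespaced sysctls, but this function has no view of whether the container shares the host's network or IPC namespace, so presumably the caller must refuse them in that case. The doc comment should say so, for example `// ValidateSysctls only checks names against the allowlist; callers must reject net.* and IPC sysctls when the matching host namespace is shared.`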
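Review bot: TestValidateSysctlBadSysctl never reaches the malformed `"GELB^YELLOW"` entry, because ValidateSysctls returns on the first element (`"BLAU=BLUE"`, not on the allowlist), so the KEY=VALUE format branch is untested. Give each bad input its own call, e.g. `_, err := ValidateSysctls([]string{"GELB^YELLOW"})`. In TestValidateSysctls the error is discarded with `result, _ :=`, so a regression that returns an error surfaces only as a confusing nil-map lookup; add `assert.NoError(t, err)` and also assert `result["kernel.msgmax"]` so the exact-match path is covered. The arguments to `assert.Equal` are in (actual, expected) order; testify expects `assert.Equal(t, "4", result["net.core.test1"])` for readable failure output.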