summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-06-30 23:18:45 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2022-07-01 09:28:18 +0200
commit891dfd3a8f85c576ce6427b8dd9811b933d525d3 (patch)
treed8a0afdc6e9fa0603e3b414e65be59b954f62a48 /pkg
parent3426d56b92be2ac1c3cc62fc578e9cb6d64aca81 (diff)
downloadpodman-891dfd3a8f85c576ce6427b8dd9811b933d525d3.tar.gz
podman-891dfd3a8f85c576ce6427b8dd9811b933d525d3.tar.bz2
podman-891dfd3a8f85c576ce6427b8dd9811b933d525d3.zip
specgen: fix parsing of cgroup devices rule
Fix the parse for the cgroup devices rule to correctly handle the wildcard syntax for the device major. Also make sure the device major and minor are not negative numbers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/specgenutil/specgen.go16
-rw-r--r--pkg/specgenutil/specgenutil_test.go79
2 files changed, 89 insertions, 6 deletions
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index ab45a8d47..8ad0a92e7 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -1134,17 +1134,21 @@ func parseLinuxResourcesDeviceAccess(device string) (specs.LinuxDeviceCgroup, er
}
number := strings.SplitN(value[1], ":", 2)
- i, err := strconv.ParseInt(number[0], 10, 64)
- if err != nil {
- return specs.LinuxDeviceCgroup{}, err
+ if number[0] != "*" {
+ i, err := strconv.ParseUint(number[0], 10, 64)
+ if err != nil {
+ return specs.LinuxDeviceCgroup{}, err
+ }
+ m := int64(i)
+ major = &m
}
- major = &i
if len(number) == 2 && number[1] != "*" {
- i, err := strconv.ParseInt(number[1], 10, 64)
+ i, err := strconv.ParseUint(number[1], 10, 64)
if err != nil {
return specs.LinuxDeviceCgroup{}, err
}
- minor = &i
+ m := int64(i)
+ minor = &m
}
access = value[2]
for _, c := range strings.Split(access, "") {
diff --git a/pkg/specgenutil/specgenutil_test.go b/pkg/specgenutil/specgenutil_test.go
index 5867b0ae0..fb2743f17 100644
--- a/pkg/specgenutil/specgenutil_test.go
+++ b/pkg/specgenutil/specgenutil_test.go
@@ -75,3 +75,82 @@ func TestWinPath(t *testing.T) {
}
}
}
+
+func TestParseLinuxResourcesDeviceAccess(t *testing.T) {
+ d, err := parseLinuxResourcesDeviceAccess("a *:* rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "a", "type is 'a'")
+ assert.Nil(t, d.Minor, "minor is nil")
+ assert.Nil(t, d.Major, "major is nil")
+
+ d, err = parseLinuxResourcesDeviceAccess("b 3:* rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "b", "type is 'b'")
+ assert.Nil(t, d.Minor, "minor is nil")
+ assert.NotNil(t, d.Major, "major is not nil")
+ assert.Equal(t, *d.Major, int64(3), "major is 3")
+
+ d, err = parseLinuxResourcesDeviceAccess("a *:3 rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "a", "type is 'a'")
+ assert.Nil(t, d.Major, "major is nil")
+ assert.NotNil(t, d.Minor, "minor is not nil")
+ assert.Equal(t, *d.Minor, int64(3), "minor is 3")
+
+ d, err = parseLinuxResourcesDeviceAccess("c 1:2 rwm")
+ assert.Nil(t, err, "err is nil")
+ assert.True(t, d.Allow, "allow is true")
+ assert.Equal(t, d.Type, "c", "type is 'c'")
+ assert.NotNil(t, d.Major, "minor is not nil")
+ assert.Equal(t, *d.Major, int64(1), "minor is 1")
+ assert.NotNil(t, d.Minor, "minor is not nil")
+ assert.Equal(t, *d.Minor, int64(2), "minor is 2")
+
+ _, err = parseLinuxResourcesDeviceAccess("q *:* rwm")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a a:* rwm")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:a rwm")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:* abc")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("* *:* *")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("* *:a2 *")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("*:*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:*")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a 12a:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a a12:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a 0x1:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a -2:* r")
+ assert.NotNil(t, err, "err is not nil")
+
+ _, err = parseLinuxResourcesDeviceAccess("a *:-3 r")
+ assert.NotNil(t, err, "err is not nil")
+}