opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 11:32:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add validate() for containers

Browse Source 
Until now, we've been validating every part of container
configuration through the With... functions that set the options.
This if fine when we are just validating the options to an
individual function, but things get complicated once we need to
validate conflicts between different options. We don't know the
order in which things were passed, so we need the validation on
both of the potential options that can conflict, resulting in
significant code duplication. To solve this, add a validate()
function for containers, and use this to check whether everything
is in a good state.

We can probably move more into this function (there are other
parts of container creation that also do validation of a sort)
but this is a good start to simplifying our options.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This commit is contained in:
Matthew Heon
2020-03-01 17:54:11 -05:00
parent 275e9b855d
commit e45456223c
3 changed files with 107 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
libpod/runtime_ctr.go
View File

@ -133,7 +133,12 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
return r.setupContainer(ctx, ctr)
}
func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (c *Container, err error) {
func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Container, err error) {
// Validate the container
if err := ctr.validate(); err != nil {
return nil, err
}
// Allocate a lock for the container
lock, err := r.lockManager.AllocateLock()
if err != nil {
@ -190,27 +195,6 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (c *Contai
ctr.config.Name = name
}
// If CGroups are disabled, we MUST create a PID namespace.
// Otherwise, the OCI runtime won't be able to stop our container.
if ctr.config.NoCgroups {
if ctr.config.Spec.Linux == nil {
return nil, errors.Wrapf(define.ErrInvalidArg, "must provide Linux namespace configuration in OCI spec when using NoCgroups")
}
foundPid := false
for _, ns := range ctr.config.Spec.Linux.Namespaces {
if ns.Type == spec.PIDNamespace {
foundPid = true
if ns.Path != "" {
return nil, errors.Wrapf(define.ErrInvalidArg, "containers not creating CGroups must create a private PID namespace - cannot use another")
}
break
}
}
if !foundPid {
return nil, errors.Wrapf(define.ErrInvalidArg, "containers not creating CGroups must create a private PID namespace")
}
}
// Check CGroup parent sanity, and set it if it was not set.
// Only if we're actually configuring CGroups.
if !ctr.config.NoCgroups {