We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

api/types/container: PidMode: fix validation for empty container name/ID

Commit e7d75c8db7da8be0ae45a1abba5652658c536a2a fixed validation of "host"
mode values, but also introduced a regression for validating "container:"
mode PID-modes.

PID-mode implemented a stricter validation than the other options and, unlike
the other options, did not accept an empty container name/ID. This feature was
originally implemented in fb43ef649bc6aa11ca19c0e046518e85e1c7e2fa, added some
some integration tests (but no coverage for this case), and the related changes
in the API types did not have unit-tests.

While a later change (d4aec5f0a680b6b01bb720830451a93c6ec398e6) added a test
for the `--pid=container:` (empty name) case, that test was later migrated to
the CLI repository, as it covered parsing the flag (and validating the result).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2 years ago
parent
53c813961e
commit
6f0e28d024
2 changed files with 11 additions and 2 deletions
Split View Show Diff Stats
  1. 10 1
      api/types/container/hostconfig.go
  2. 1 1
      api/types/container/hostconfig_unix_test.go

+ 10 - 1
api/types/container/hostconfig.go
View File 

@@ -116,6 +116,7 @@ func (n IpcMode) IsEmpty() bool {
 
 
 // Valid indicates whether the ipc mode is valid.
 
 func (n IpcMode) Valid() bool {
 
+	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
 
 	return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer()
 
 }
 
 
@@ -194,6 +195,7 @@ func (c CgroupSpec) IsContainer() bool {
 
 
 // Valid indicates whether the cgroup spec is valid.
 
 func (c CgroupSpec) Valid() bool {
 
+	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
 
 	return c == "" || c.IsContainer()
 
 }
 
 
@@ -242,7 +244,7 @@ func (n PidMode) IsContainer() bool {
 
 
 // Valid indicates whether the pid namespace is valid.
 
 func (n PidMode) Valid() bool {
 
-	return n == "" || n.IsHost() || n.IsContainer()
 
+	return n == "" || n.IsHost() || validContainer(string(n))
 
 }
 
 
 // Container returns the name of the container whose pid namespace is going to be used.
 
@@ -446,3 +448,10 @@ func containerID(val string) (idOrName string, ok bool) {
 
 	}
 
 	return v, true
 
 }
 
+
 
+// validContainer checks if the given value is a "container:" mode with
 
+// a non-empty name/ID.
 
+func validContainer(val string) bool {
 
+	id, ok := containerID(val)
 
+	return ok && id != ""
 
+}

+ 1 - 1
api/types/container/hostconfig_unix_test.go
View File 

@@ -199,7 +199,7 @@ func TestPidMode(t *testing.T) {
 
 		"host:":                 {valid: false, private: true},
 
 		"host:name":             {valid: false, private: true},
 
 		"container":             {valid: false, private: true},
 
-		"container:":            {valid: true, private: false, container: true, ctrName: ""},
 
+		"container:":            {valid: false, private: false, container: true, ctrName: ""},
 
 		"container:name":        {valid: true, private: false, container: true, ctrName: "name"},
 
 		"container:name1:name2": {valid: true, private: false, container: true, ctrName: "name1:name2"},
 
 	}

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5